Authentication - TenantCore

API key

Every request to the TenantCore API must include your API key in the Authorization header:

Authorization: Bearer tc_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Your key is available at app.tenantcore.io/api. Reveal it, copy it, and store it in a secure location — treat it exactly like a password.

Example request

curl https://api.tenantcore.io/v1/tenants \
  -H "Authorization: Bearer tc_live_your_key_here" \
  -H "Accept: application/json"

Key format

All TenantCore API keys follow this format:

tc_live_<48 hex characters>

Keys that do not match this format will be rejected with 401 Unauthorized.

Plan scoping

Your API key is tied to your active API plan. Two things are enforced on every authenticated request:

Plan check — if your API plan has lapsed or been cancelled, all requests return 402 Payment Required
Tenant ceiling — write operations that would exceed your plan’s tenant limit return 402 Payment Required

Plan	Tenant ceiling
API Starter	25 tenants
API Growth	50 tenants
API Scale	100 tenants

Rotating your key

You can rotate your key at any time from the API page in the app. The old key is invalidated immediately — update all integrations before rotating. You can also rotate via the API itself (authenticated with your current key):

curl -X POST "https://api.tenantcore.io/api-key/rotate?user_email=you@example.com" \
  -H "Accept: application/json"

Error responses

Status	Code	Meaning
`401`	`invalid_auth_header`	Authorization header missing or malformed
`401`	`missing_api_key`	Bearer token is empty
`401`	`invalid_api_key`	Key not found or does not exist
`402`	`no_api_plan`	No active API plan on this account
`402`	`tenant_limit_reached`	Write operation would exceed plan ceiling

Overview

​API key

​Example request

​Key format

​Plan scoping

​Rotating your key

​Error responses