Skip to main content
Sheet Ninja lets you control who can access your endpoints using API keys and access tokens. By default, new projects are public and read-only. This means anyone with your endpoint URL can fetch data, but they cannot add, change, or delete anything. Enabling authentication allows you to protect read access and securely enable write access.

How it Works

In a Project Dashboard, head to the Authentication tab. When you create a new token, you choose which operations (like Read, Add, or Delete) that token should protect. Authentication As soon as a token is set to protect an operation, that operation becomes Private. From then on, any request to that endpoint must include a valid token, or Sheet Ninja will block it.

Authentication methods

Sheet Ninja uses the Bearer Token scheme. To authenticate your requests, include an Authorization header with your API token: 
Authorization: Bearer your_api_token_here
If you’re using an AI agent (like Claude or ChatGPT), you can simply provide the token and tell it to “use this as a Bearer token for all Sheet Ninja requests.”

Best practices

  • Keep API keys secret and store them securely
  • Never expose API keys in frontend or client-side applications
  • Rotate keys periodically, especially if a key may have been exposed
  • Use separate API keys for different services or integrations