Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.offthehook.dev/llms.txt

Use this file to discover all available pages before exploring further.

Every request to the Off the Hook API must include your API key in the Authorization header. The API uses standard Bearer token authentication — there are no sessions, cookies, or OAuth flows to manage.

Header format

Include your API key on every request to a /v1/* endpoint: 
Authorization: Bearer oth_YOUR_API_KEY
API keys are always prefixed with oth_. Here is a complete curl example: 
curl https://api.offthehook.dev/v1/subscriptions \
  -H "Authorization: Bearer oth_YOUR_API_KEY"
Store your API key in an environment variable and reference it in your code and scripts rather than hardcoding it. For example: export OTH_API_KEY=oth_... and then -H "Authorization: Bearer $OTH_API_KEY". Never commit an API key to source control.

Error responses

If the Authorization header is missing, malformed, or contains an invalid key, the API returns a 401 Unauthorized response: 
{
  "error": "unauthorized",
  "message": "invalid API key",
  "requestId": "..."
}
The error field is a stable string code you can branch on in your error handling logic. The message field is a human-readable description intended for debugging.
Every error response includes a requestId field. The same value is also present in the X-Request-Id response header on every API response, including successful ones. If you contact support about an unexpected error, include the requestId so the team can locate the request in the logs.