Snoze Developers

Authentication

Authenticate API and MCP requests with workspace API keys.

All programmatic access to Snoze authenticates with an API key scoped to a workspace.

Creating a key

Create and manage keys in Workspace settings → API keys. Each key has:

  • a workspace it belongs to — the key itself pins which workspace flat routes like /v1/items operate on,
  • a set of scopes limiting what it can read and write,
  • an optional expiry.

Treat keys like passwords: store them in a secret manager, never commit them, and rotate them if exposed.

Using a key

Pass the key as a bearer token:

curl https://api.snoze.dev/v1/items \
  -H "Authorization: Bearer $SNOZE_API_KEY"

Scopes

Keys are least-privilege by default: grant only the scopes an integration needs. A request beyond a key's scopes fails with 403 forbidden; items a key can't see are filtered out of listings and read as 404. A key can also never exceed what its workspace membership allows — scopes narrow access, they don't add it.

The catalog, grouped by what most integrations need first:

ScopeGrants
resources:read / resources:writeList, read, create, move, and delete sidebar items (/v1/items).
databases:read / databases:writeRead and change database schemas.
records:read / records:write / records:commentRead, write, and comment on database records.
files:read / files:writeDownload descriptors and uploads (/v1/files).
surfaces:read / surfaces:writePage, note, dashboard, canvas, and form surfaces.
blocks:read / blocks:write / blocks:commentPage block content (used by MCP page editing).
views:read / views:writeSaved database views — the query layer for records.
canvas:read / canvas:writeCanvas elements.
actions:read / actions:write / actions:runWorkspace actions, including running them.
automations:read / automations:writeAutomation graphs and runs.
webhooks:read / webhooks:writeOutbound and inbound webhook endpoints.
data_sources:read / data_sources:writeExternal data source syncs.
integrations:read / integrations:writeConnected apps.
ai:read / ai:writeAssistant and AI-database features.
time_entries:read / time_entries:write / time_entries:manageTime tracking.
workspace:read / workspace:update / workspace:deleteWorkspace metadata.
members:read / members:invite / members:manageMembership.
api_keys:read / api_keys:writeManaging keys themselves.
billing:read / billing:managePlan and billing state.

A minimal read-only reporting key is resources:read + databases:read + records:read; a typical two-way integration adds the matching :write scopes and files:write.

On this page