All StackOne APIs use Basic Auth with your API key as username and an empty password.
Get Your API Key
- Go to Configuration → API Keys in the dashboard
- Click Create API Key and copy it securely
API keys are shown only once. Store securely in a password manager or environment variable.
Using Your API Key
All StackOne APIs use Basic Auth with your API key as username and empty password.
# -u flag auto-encodes to base64
curl -u "$STACKONE_API_KEY:" https://api.stackone.com/accounts
const encoded = Buffer.from(`${apiKey}:`).toString('base64');
fetch(url, { headers: { 'Authorization': `Basic ${encoded}` } });
import base64
encoded = base64.b64encode(f"{api_key}:".encode()).decode()
headers = {'Authorization': f'Basic {encoded}'}
For APIs that operate on a linked account, include the x-account-id header:
Get Account
Execute Action
curl -u "$API_KEY:" \
-H "x-account-id: your-account-id" \
https://api.stackone.com/accounts/your-account-id
curl -X POST -u "$API_KEY:" \
-H "x-account-id: your-account-id" \
-H "Content-Type: application/json" \
https://api.stackone.com/actions/rpc \
-d '{"action": "google_drive_list_files", "query": {}}'
API Key Scopes
| Scope | Access |
|---|
| Full Access | All operations (default) |
| Read Only | GET requests only |
| Accounts | Account management |
| Actions | Action execution via RPC |
Fine-grained scopes are an add-on feature. Contact your account manager for access.
Base URL
| API | Pattern |
|---|
| Platform | /accounts, /actions/rpc, /connectors |
| Unified | /unified/{category}/{resource} |
| MCP | /mcp |
Error Responses
| Code | Meaning |
|---|
401 | Invalid or missing API key |
403 | API key lacks required scope |
404 | Invalid account ID |
412 | Account suspended or expired |
For all error codes including rate limits (429), timeouts (408), and provider errors (502), see the Error Codes Guide.
Next Steps
MCP
A2A