Skip to main content

Overview

The Stover API supports two authentication modes:
ModeUse CaseAuthentication
AuthenticatedServer-to-server integrationsAPI Key (Bearer token)
PublicLead capture formsNone (rate limited)

Authenticated Mode

Use authenticated mode for server-side integrations.

API Key Format

stover_pk_xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Making Requests

Include your API key in the Authorization header: 
curl -X POST https://api.stover.app/v1/contacts \
  -H "Authorization: Bearer stover_pk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"first_name": "Jane", "last_name": "Doe", "email": "[email protected]"}'

Getting an API Key

  1. Log in to your Stover Dashboard
  2. Navigate to Settings > API Keys
  3. Click Generate New Key
  4. Copy and securely store your API key
API keys are only shown once. If you lose your key, you’ll need to generate a new one.

Public Mode

Public mode allows contact creation from websites without exposing API keys.

When to Use

  • Contact forms on your website
  • Landing page lead capture
  • Newsletter signup forms

Limits

LimitValue
Rate limit20 requests/min per IP
Payload size50KB max

Making Requests

Omit the Authorization header: 
const response = await fetch('https://api.stover.app/v1/contacts', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    first_name: 'Jane',
    last_name: 'Doe',
    email: '[email protected]',
    utm_source: 'website'
  })
});

Error Codes

StatusDescription
401Missing or invalid API key
403Insufficient permissions
429Rate limit exceeded

Best Practices

Never expose API keys

Use public mode for browser requests.

Use environment variables

Store keys in env vars, not source code.

Rotate keys regularly

Generate new keys periodically.

Use HTTPS only

Always use HTTPS for requests.