Overview
All SpringAPI requests require a valid API access token.
Authentication is performed by including your token in the X-Spring-API-Key request header.
Required Header
| Header | Type | Required | Description |
| X-Spring-API-Key | string | Yes | Your SpringAPI access token |
Header Format
Include the header in every request:
X-Spring-API-Key: YOUR_API_TOKENExample:
GET https://api.awardspring.com/api/award-cycles
X-Spring-API-Key: YOUR_API_TOKEN
Authentication Behavior
- Requests without the X-Spring-API-Key header will return 401 Unauthorized
- Requests with an invalid or revoked token will return 401 Unauthorized
- Results returned by an endpoint are limited to data accessible by the token
Token Management
- Tokens are generated and managed from the API Management screen in the AwardSpring administrator interface (See "Settings" / "SpringAPIs")
- Up to 10 active tokens may exist at one time
- Tokens may be revoked or regenerated at any time
Security Best Practices
- Treat API tokens as confidential credentials
- Do not expose tokens in client-side code
- Store tokens securely in environment variables or a secrets manager
- Rotate tokens periodically according to your institution’s security policy