Skip to main content
Every request to the Signa API needs a Bearer token in the Authorization header.
Authorization: Bearer sig_YOUR_KEY

Getting your API key

Sign up at app.signa.so and navigate to API Keys in the sidebar. Click + Create new key, give it a name, and copy the full key immediately: it is only shown once. Manage all your keys (create, rotate, revoke) from the API Keys dashboard.

Key format

API keys use the format sig_ followed by 48 hex characters. Unrecognized prefixes are rejected with 401 before any lookup.

Scopes

Each API key has one or more scopes that control what it can access:
ScopeGrants access to
trademarks:readTrademark records, owners, attorneys, firms, proceedings: all public catalog data
events:readEvent feed (/v1/events). Plan-gated.
portfolios:manageCustomer-owned resources: portfolios, saved searches, watches, alerts, webhooks
api-keys:manageAPI key creation, rotation, update, and revocation
organization:manageOrganization settings (e.g. renaming the organization)
billing:readUsage, plan, and log endpoints

Key rotation

Rotate a key when you suspect it has been compromised, when a team member leaves, or as part of regular security hygiene. Rotate from the API Keys dashboard (open the menu on a key and select Rotate key) or programmatically via the Rotate API Key endpoint. Rotation issues a new key; the old key keeps working for a 24-hour grace period so you can roll the new secret out to your services without downtime.
API keys are for server-to-server use only. Never ship a sig_ key in client-side code (browser JavaScript, mobile apps, or anything a user can inspect); call the Signa API from your backend and proxy requests to any frontend that needs the data.