Skip to main content

Authentication

All Shim API requests require an API key passed in the Authorization header.

Getting Your API Key

1

Sign up

Create a free account at console.shim.so/signup
2

Navigate to Console

Go to console.shim.so
3

Generate Key

Click “API Keys” -> “Create Your First Key”
4

Copy and Store

Copy the key immediately. We do not store the full key.

Using Your API Key

Include your API key in the Authorization header as a Bearer token: 
Authorization: Bearer sk_live_xxxxx

Example Request

const response = await fetch('https://api.shim.so/v1/repair', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk_live_xxxxx',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ raw_output: '{"broken": "json"' })
});

Key Format

  • Production keys: sk_live_xxxxx
  • Test keys: sk_test_xxxxx (coming soon)
Never commit API keys to version control. Use environment variables:
export SHIM_API_KEY=sk_live_xxxxx

Rate Limits by Tier

TierRequests/MinuteMonthly Limit
Free1001,000
Pro1,000100,000
Team10,0001,000,000
See Rate Limits for overage behavior.

Security Best Practices

Generate a new key every 90 days. Delete old keys immediately.
Never hardcode keys in source code. Use .env files (gitignored).
Create separate keys for development, staging, and production.
Check your console for unexpected spikes in usage.

Troubleshooting

All responses return HTTP 200. Errors are in the response body under metadata.errors.

INVALID_API_KEY / MISSING_API_KEY

Cause: Invalid, missing, or revoked API key Fix: Check that your key is correct and included in the Authorization header. Check success: false and metadata.errors[0].code in the response body.

RATE_LIMIT_EXCEEDED

Cause: Per-minute rate limit exceeded Fix: Implement exponential backoff or upgrade your tier. Check X-RateLimit-Reset header for when the window resets. See Troubleshooting for more common issues.