Authentication
How GKit SheetsAPI authentication works — your userKey, optional API keys, and Google OAuth scopes.
Your userKey
When you connect Google, SheetsAPI creates a userKey that scopes every request
to your account and spreadsheets. It appears in your API URLs:
https://sheetsapi.gkit.mreshank.com/api/spreadsheets/{userKey}/{sheetName}
Public by default, key-protected when you choose
Endpoints are public until you create your first API key. As soon as you create one in the dashboard, every request must carry a valid key as a bearer token:
curl https://sheetsapi.gkit.mreshank.com/api/spreadsheets/{userKey}/Contacts \
-H "Authorization: Bearer sk_your_api_key"API keys are prefixed with sk_. Create and revoke them anytime from the dashboard —
revoked keys stop working immediately.
Google OAuth scopes
SheetsAPI requests only what it needs to read and write your sheets:
openid,emailhttps://www.googleapis.com/auth/spreadsheetshttps://www.googleapis.com/auth/drive.file
Your Google refresh token is encrypted at rest before it is stored. See accounts & SSO for how the GKit account model works.