Authentication

The SDK authenticates with a secret API key. Keys look like cesto_sk_… and are sent automatically with every request — you never set headers yourself.

Getting a key

API keys are issued by the Cesto team — there’s no self-serve portal yet.Contact us to request a key: reach out on our community or through your Cesto contact, and let us know which environment (Production or Beta) you need.

Keys are environment-specific: a Production key only works against the Production backend, and a Beta key only against Beta. Request the key for the environment you’re integrating with.

Providing the key

Pass it explicitly, or set the CESTO_API_KEY environment variable and omit it:

const cesto = new Cesto({ apiKey: 'cesto_sk_…' });

If no key is found, the constructor throws.

Environments

Select the backend with the environment option — you choose an environment, not a URL.

`environment`	Backend
`PRODUCTION` (default)	`https://backend.cesto.co`
`BETA`	`https://dev.backend.cesto.co`

const cesto = new Cesto({
  apiKey: process.env.CESTO_API_KEY,
  environment: 'BETA',
});

Keep your key safe

Treat the key like a password — keep it server-side, store it in a secret manager or environment variable, and never commit it to source control. To rotate or revoke a key, contact the Cesto team.

Cesto SDK Configuration

​Getting a key

​Providing the key

​Environments

​Keep your key safe

Getting a key

Providing the key

Environments

Keep your key safe