Getting started with the public API
Create your developer account, generate your sk_live_ key and make your first call to the Sanctumel API in five minutes.
The Sanctumel public API lets you display a church's public data on any website or application: profile, upcoming events, announcements and live status. It also gives access to the Bible in several languages. It is read-only, free, and used with a personal API key.
1. Create your developer account
- Open developers.sanctumel.com and click Get my API key.
- Choose the Create an account tab, fill in your name, email and password.
- Open the verification email you receive and confirm your address. This step is mandatory: it is impossible to create a key with an unverified address.
Note: the developer account is independent of a church account. You can be a developer without administering any church.
2. Generate your key
- Sign in on the My API keys page.
- Give your key a name (for example "Parish website") and click Create a key.
- Copy the key immediately. It starts with
sk_live_and will never be shown again: Sanctumel only keeps a cryptographic fingerprint of it, just like a password.
You can have up to 5 active keys at the same time (one per website or application, which is the best practice) and revoke each one at any time - revocation is immediate.
3. First call
All requests are made over HTTPS with your key in the Authorization header:
curl https://api.sanctumel.com/api/public/v1/churches/mon-eglise \
-H "Authorization: Bearer sk_live_votre_cle"
The response is JSON:
{
"slug": "mon-eglise",
"name": "Mon Église",
"city": "Bruxelles",
"country": "BE",
"language": "fr",
"publicPage": "https://sanctumel.com/p/…"
}
Which churches are accessible?
Only those that have made their profile public. Each church decides its visibility in its Sanctumel settings; a non-public church returns 404 - the API does not even reveal its existence. The slug of a public church is visible in the address of its Sanctumel page.
Limits and errors
| Code | Meaning | What to do |
|---|---|---|
401 | Key missing, invalid or revoked | Check the Authorization: Bearer sk_live_… header |
404 | Church not found or profile not public | Check the slug; the church must have chosen public visibility |
405 | Method not allowed | The API is read-only: GET only |
429 | Too many requests | Limit: 120 requests/minute per key - cache on your side |
Security best practices
- Never put the key in code visible to the browser (front-end JavaScript): call the API from your server and serve the result to your pages.
- One key per use case: if a site is compromised, revoke its key without touching the others.
- Cache the responses (events do not change every second): you will stay well below the rate limit.
Going further
- Endpoint reference - all endpoints, parameters and detailed responses.