Authentication
Authentication is performed by including your API key in the X-Api-Key HTTP header with each request:
X-Api-Key: your_api_keyAll requests must include a User-Agent header identifying your application. To ensure your requests are not blocked, provide a user agent that clearly identifies your application. Requests with missing or invalid user agents may be subject to additional filtering.
Getting Your API Key
Section titled “Getting Your API Key”Once you create an account, you’ll receive an API key that you can find in your dashboard. If you suspect your key has been compromised or need to rotate it for security reasons, you can generate a new key directly from your dashboard at any time.
API Authentication Explained — Learn about API keys, authentication best practices, and security fundamentals
Security Best Practices
Section titled “Security Best Practices”- Keep it secret: Never share your API key publicly or commit it to version control systems.
- Use environment variables: Store your API key in environment variables rather than hard-coding it.
- Rotate regularly: If you suspect your key has been compromised, generate a new one immediately (you can do it in your dashboard).
Rate Limits & Quota
Section titled “Rate Limits & Quota”Request quotas are tied to your plan:
- Free: 100 requests per day
- Developer: 10,000 requests per month
- Professional: 50,000 requests per month
- Business: 150,000 requests per month
- Enterprise: Custom request limits
Every API response includes X-Quota-* headers showing your current usage, remaining quota, and reset time. For best performance, spread requests over time and avoid burst patterns.
When you exceed your quota, the API returns a 429 Too Many Requests error with details in the response headers. See the Error Responses and Quota Headers sections for complete information on handling rate limits and monitoring your usage.