Authentication
Secure your API requests with API keys.
API Keys
The API uses API keys to authenticate requests. You can create and manage API keys in your account settings.
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer rk_live_abc123...
API Key Scopes
API keys are assigned a scope that determines what actions they can perform. Scopes are hierarchical - higher scopes include all permissions of lower scopes.
| Scope | Permissions |
|---|---|
| read | Read filings, policies, and account information |
| write | All read permissions + create and update filings and policies |
| submit | All write permissions + submit filings to state portals |
| admin | Full access including organization settings and user management |
Rate Limits
API requests are rate limited to ensure fair usage. Limits vary by plan:
| Plan | Rate Limit |
|---|---|
| Starter | 100 requests/hour |
| Professional | 1,000 requests/hour |
| Enterprise | Custom limits |
Rate limit information is included in response headers:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1704067200
Authentication Errors
- 401 Unauthorized - The API key is missing or invalid. Ensure you're including the Authorization header with a valid key.
- 403 Forbidden - The API key doesn't have permission for this action. Check that your key has the required scope.
- 429 Too Many Requests - You've exceeded the rate limit. Wait until the reset time indicated in the X-RateLimit-Reset header.
Best Practices
- Use environment variables - Never hardcode API keys in your code
- Use minimal scopes - Only request the permissions you need
- Rotate keys regularly - Regenerate API keys periodically
- Monitor usage - Keep track of your API key usage in the dashboard
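
A client-side sketch of the error handling and the environment-variable practice above, added here as an example and not taken from the API's own documentation or SDK. The variable name EXAMPLE_API_KEY, the 60-second fallback, and the reading of X-RateLimit-Reset as Unix epoch seconds are assumptions.

```python
import os
import time

API_KEY_ENV = "EXAMPLE_API_KEY"  # assumed variable name, not defined by the API


def auth_headers(environ=None):
    """Build the Authorization header from the environment, never from source."""
    environ = os.environ if environ is None else environ
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return {"Authorization": f"Bearer {key}"}


def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    safe = dict(headers)
    if "Authorization" in safe:
        scheme = safe["Authorization"].partition(" ")[0]
        safe["Authorization"] = f"{scheme} [redacted]"
    return safe


def seconds_until_reset(resp_headers, now=None):
    """Seconds to wait, from X-RateLimit-Reset (assumed to be epoch seconds)."""
    now = time.time() if now is None else now
    lookup = {k.lower(): v for k, v in resp_headers.items()}
    try:
        reset = int(lookup["x-ratelimit-reset"])
    except (KeyError, ValueError):
        return 60.0  # assumed fallback when the header is missing or malformed
    return max(0.0, reset - now)


def next_action(status, resp_headers, now=None):
    """Map a response to (action, wait_seconds) using the documented codes."""
    if status == 401:
        return ("fix_key", 0.0)    # missing or invalid key: retrying will not help
    if status == 403:
        return ("fix_scope", 0.0)  # key lacks the required scope
    if status == 429:
        return ("wait", seconds_until_reset(resp_headers, now))
    lookup = {k.lower(): v for k, v in resp_headers.items()}
    if lookup.get("x-ratelimit-remaining") == "0":
        # Request succeeded but the budget is spent: pause before the next call.
        return ("ok_then_wait", seconds_until_reset(resp_headers, now))
    return ("ok", 0.0)
```

Treating 401 and 403 as non-retryable keeps a misconfigured client from hammering the API with a bad key, and logging only `redact(headers)` keeps the key out of log files.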