Rate Limiting
Limiting access to your API helps to prevent abuse and ensure fair usage among all users.
Using the /api-keys/auth/ endpoint, we can test a key is valid.
curl --location --request POST 'https://api.theauthapi.com/api-keys/auth/[API-KEY]' \
--header 'x-api-key: [ACCESS-KEY]'
Good Result - 200
{
"key": "live_cQkeqA79HV8*********",
"name": "Name your key!",
"customMetaData": {},
"customAccountId": null,
"customUserId": null,
"env": "live",
"createdAt": "2024-11-03T17:09:01.623Z",
"updatedAt": "2024-11-03T17:09:01.623Z",
"isActive": true,
"expiresAt": "2024-11-04T17:16:00.000Z",
"rateLimitConfigs": {
"rateLimit": 10,
"rateLimitTtl": 60
},
"creationContext": {}
}
Rate limit hit - 429
{
"statusCode": 429,
"message": "Too many requests"
}
Access denied - 404
The key has been revoked, or the malformed.
{
"statusCode": 404,
"message": "Invalid client key",
"error": "Not Found"
}