The Ruddr API uses API keys to authenticate requests. Each key grants full read and write access to all data within a workspace, so treat them like passwords. To create an API key, follow the steps in the Quick Start guide.

Using the API Key

Include the API key in the Authorization header using the Bearer scheme:
Authorization: Bearer <token>

Key Management

  • No expiration: API keys are valid indefinitely until explicitly revoked.
  • Revocation: Delete a key from Settings > API Keys in your workspace. Revocation takes effect immediately — any request using that key will return 401.
  • No scopes: All keys have the same access level. There are no read-only or restricted keys.

Security Best Practices

  • Store keys securely: Use environment variables or a secrets manager. Never hard-code keys in source code.
  • Server-side only: API keys should only be used in server-side code. Never expose them in client-side JavaScript, mobile apps, or public repositories.
  • Rotate periodically: Create a new key, update your integration, then delete the old one.

Rate Limits

API requests are rate limited to 20 requests per second with a burst capacity of 60 requests. Rate limits are shared across all API keys in a workspace. If the limit is exceeded, the API returns a 429 response. Back off and retry after a short delay.

Errors

401 Unauthorized

The API key is missing, malformed, or does not match a valid key:
{
  "status": 401,
  "message": "The provided bearer token is missing or invalid."
}

423 Locked

API access has been disabled for the workspace:
{
  "status": 423,
  "message": "API access is disabled, please contact support for assistance."
}

429 Too Many Requests

The workspace has exceeded the rate limit:
{
  "status": 429,
  "message": "Too many requests"
}
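
The key-handling practices and the three error codes above, combined into one server-side Python sketch. This is an added example, not code from Ruddr: the environment variable name `RUDDR_API_KEY`, the caller-supplied `send` transport, and the 0.5-second base delay are assumptions.

```python
import os
import random
import time

API_KEY_ENV = "RUDDR_API_KEY"  # hypothetical variable name, not from the Ruddr docs


class ApiAuthError(Exception):
    """Non-retryable: 401 (missing or invalid key) or 423 (API access disabled)."""


def load_api_key(environ=os.environ):
    # Read the key from the environment instead of hard-coding it in source.
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise ApiAuthError(f"{API_KEY_ENV} is not set")
    return key


def auth_headers(key):
    # Bearer scheme, as documented in "Using the API Key".
    return {"Authorization": f"Bearer {key}"}


def call_with_backoff(send, key, max_attempts=5, base_delay=0.5,
                      sleep=time.sleep, rng=random.random):
    """send(headers) -> (status, body_dict) is a caller-supplied transport (assumption).

    429 is retried with exponential backoff plus jitter. The limit is shared by
    every key in the workspace, so jitter keeps integrations from retrying in step.
    401 and 423 are raised at once: retrying with the same key cannot fix them.
    """
    for attempt in range(max_attempts):
        status, body = send(auth_headers(key))
        if status in (401, 423):
            # Report status and server message only; never include the key itself.
            raise ApiAuthError(f"HTTP {status}: {body.get('message', '')}")
        if status != 429:
            return status, body
        if attempt < max_attempts - 1:
            # Delay grows 1x, 2x, 4x ... scaled by a jitter factor in [0.5, 1.0).
            sleep(base_delay * (2 ** attempt) * (0.5 + rng() / 2))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")
```

A 401 raised here after a key rotation usually means the integration is still holding the deleted key, so reload the key from the secrets store before retrying.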