Authentication

Our API uses a multi-layered authentication system designed to ensure secure access while maintaining high performance and reliability.

API Key Authentication

All requests to our API must include an API key in the headers:

headers: {
  'x-api-key': 'your-api-key-here'
}

Domain-Based Access Control

The API implements domain-based CORS protection:

  1. Each API key is associated with specific allowed domains
  2. Requests must include both the API key and the Origin header
  3. The system validates that the origin is allowed for the provided API key
  4. If validated, appropriate CORS headers are set for the response
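
A sketch of the four steps above, added here as an illustration; it is not the API's actual server code. The key-to-origin table, the function names, and the choice to answer a missing Origin header with 403 are assumptions.

```javascript
// Constructed sample data: API keys mapped to the origins allowed to use them.
const KEY_ORIGINS = new Map([
  ['demo-key-1', new Set(['https://app.example.com', 'https://admin.example.com'])],
  ['demo-key-2', new Set(['http://localhost:3000'])],
]);

// Reduce an Origin header value to scheme://host[:port], or null if malformed.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === '' || value === 'null') return null;
  try {
    const u = new URL(value);
    if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
    // An Origin header never carries a path, query, fragment or credentials.
    if (u.pathname !== '/' || u.search || u.hash || u.username || u.password) return null;
    return u.origin; // lower-cased host, default port removed
  } catch {
    return null;
  }
}

// headers: request headers with lower-cased names, as Node.js exposes them.
function authorize(headers, keyOrigins = KEY_ORIGINS) {
  // Steps 1-2: the key must exist and have an allow-list of origins.
  const allowed = keyOrigins.get(headers['x-api-key']);
  if (!allowed) return { status: 401, headers: {} }; // missing or invalid API key

  // Step 3: exact match against the allow-list; no substring or suffix matching.
  const origin = normalizeOrigin(headers['origin']);
  if (!origin || !allowed.has(origin)) return { status: 403, headers: {} }; // unauthorized domain

  // Step 4: CORS headers are set only after validation succeeds.
  return {
    status: 200,
    headers: {
      'Access-Control-Allow-Origin': origin, // echo only the validated origin, never '*'
      'Access-Control-Allow-Headers': 'x-api-key',
      'Vary': 'Origin', // keep caches from reusing this response across origins
    },
  };
}
```

Browser preflight (OPTIONS) requests do not carry custom headers such as x-api-key, so this sketch covers only the actual request.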

Rate Limiting

To protect our services, we implement Redis-based rate limiting:

  • Default limit: 40 requests per time window
  • Block duration: 12 seconds
  • Rate limits are tracked per IP address
  • Special bypass for trusted API keys

Special Access

For special access, please contact the founding team.

Best Practices

  1. Implement proper error handling for rate limit responses (429 status)
  2. Set up the correct CORS settings for the given API key

Error Responses

The API may return the following authentication-related errors:

  • 401: Missing or invalid API key
  • 403: Unauthorized domain
  • 429: Rate limit exceeded

For implementation examples, refer to our SDK Introduction guide.