Authentication

The Truly API uses API keys for authentication. Include your API key in all requests using the Authorization header.

API Key Header

Authorization: Bearer YOUR_API_KEY

Security Best Practices

Store API keys securely using environment variables
Never expose API keys in client-side code or public repositories
Rotate API keys periodically
Use separate API keys for development and production

Rate Limiting

100 requests per minute per API key
Rate limit headers are included in responses
Contact us to discuss higher rate limits

Error Responses

{
"error": "Unauthorized",
"message": "Invalid or missing API key",
"status": 401
}

Truly API Documentation Privacy Architecture

On this page

Authentication
API Key Header
Security Best Practices
Rate Limiting
Error Responses