Authentication

The Truly API uses API keys for authentication. Include your API key in all requests using the Authorization header.

API Key Header

Authorization: Bearer YOUR_API_KEY

Security Best Practices

  • Store API keys securely using environment variables
  • Never expose API keys in client-side code or public repositories
  • Rotate API keys periodically
  • Use separate API keys for development and production

Rate Limiting

  • 100 requests per minute per API key
  • Rate limit headers are included in responses
  • Contact us to discuss higher rate limits

Error Responses

{
"error": "Unauthorized",
"message": "Invalid or missing API key",
"status": 401
}