API keys
All endpoints (except /v1/health and webhooks) require a Bearer token.
Key types
| Key type | Prefix | Access |
|---|---|---|
| Read | rw_live_... | All GET endpoints |
| Admin | rw_admin_... | All endpoints including sync triggers, data management, and key management |
Rate limiting
Each API key gets 100 requests per 60-second sliding window. Every response carries the current state in headers, and exceeding the limit returns 429 Too Many Requests.
| Header | Meaning |
|---|---|
| X-RateLimit-Limit | Requests allowed per window |
| X-RateLimit-Remaining | Requests left in the current window |
| X-RateLimit-Reset | Unix timestamp (seconds) when the window resets |
| Retry-After | Seconds to wait before retrying, sent only on 429 |
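A client can pace itself from these headers. The following is an added example, not code from this API's own client or documentation: `wait_seconds`, `call_with_backoff`, the `send` transport hook, the 120-second cap and the 1-second fallback are assumptions made for illustration.

```python
import math
import time

def wait_seconds(status, headers, now=None, max_wait=120.0):
    """Seconds to pause before the next request, from the documented headers."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}

    def num(name):
        # Header values are untrusted input: reject missing, non-numeric, NaN/inf.
        try:
            value = float(h[name])
        except (KeyError, ValueError):
            return None
        return value if math.isfinite(value) else None

    reset = num("x-ratelimit-reset")
    until_reset = reset - now if reset is not None else None
    if status == 429:
        delay = num("retry-after")
        if delay is None:  # fall back to the reset timestamp, then to 1 s
            delay = until_reset if until_reset is not None else 1.0
    elif num("x-ratelimit-remaining") == 0 and until_reset is not None:
        delay = until_reset  # budget spent: pause instead of earning a 429
    else:
        delay = 0.0
    # Clamp so a bogus or hostile header cannot stall the client indefinitely.
    return min(max(delay, 0.0), max_wait)

def call_with_backoff(send, max_attempts=5, sleep=time.sleep, clock=time.time):
    """send() -> (status, headers, body); hypothetical transport hook. Retries only on 429."""
    for _ in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        sleep(wait_seconds(status, headers, now=clock()))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")

if __name__ == "__main__":
    # Constructed responses, not captured from the real API.
    replies = iter([(429, {"Retry-After": "2"}, ""),
                    (200, {"X-RateLimit-Remaining": "99"}, "ok")])
    print(call_with_backoff(lambda: next(replies), sleep=lambda s: print("wait", s)))
```

Because the limit is per API key, every worker that shares a key also shares the 100-request budget, so a single pacing point per key works better than independent retries in each worker.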