API Authentication

Authenticate your API requests using API keys and manage access tokens.

Authentication Method

All API requests must include a valid API key in the Authorization header. Rankfender uses Bearer token authentication.

Getting Your API Key

  1. Log in to your Rankfender dashboard
  2. Go to Workspace Settings → API Keys
  3. Click "Generate New Key"
  4. Give the key a descriptive name (e.g., "Production Website")
  5. Copy the key immediately -- it won't be shown again
API key management interface in workspace settings

Using Your API Key

Include the key in every API request:

curl -X GET https://api.rankfender.com/v1/projects \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Key Types

  • Full Access Key: Read and write access to all endpoints
  • Read-Only Key: Only allows GET requests
  • Project-Scoped Key: Limited to a specific project

Security Best Practices

  • Never expose API keys in client-side code or public repositories
  • Use environment variables to store keys
  • Rotate keys periodically
  • Use the minimum permission level needed
  • Revoke keys immediately if compromised

Revoking a Key

To revoke an API key:

  1. Go to Workspace Settings → API Keys
  2. Find the key in the list
  3. Click "Revoke"
  4. The key is immediately disabled -- all requests using it will return 401

Authentication Errors

  • 401 Unauthorized -- Missing or invalid API key
  • 403 Forbidden -- Key doesn't have permission for this action
Previous
API Overview
Next
Rate Limits