Authentication
How to authenticate your API requests.
Every request needs an API key, sent as a bearer token.
Get a key
Create one in your workspace settings. You need a Growth or Scale plan. Keys look like:
roasos_sk_0d80bcba7586d8f...
Use it
Add it to the Authorization header on every request:
curl https://api.roasos.com/v1/account \
-H "Authorization: Bearer roasos_sk_..."
If the key is missing or invalid, you’ll get a 401 with a clear error code (missing_api_key or invalid_api_key).
Rate limits
| Type | Limit |
|---|---|
Reads (GET) |
60 requests / minute |
Writes (POST) |
10 requests / minute |
Every successful response includes your current limits in headers:
X-RateLimit-LimitX-RateLimit-RemainingX-RateLimit-Reset
If you go over, you’ll get a 429. Wait until the reset time and try again.
Spend controls
Each key can have its own spending limits — a max price per request, daily and monthly budgets, and an approval threshold. Check them any time:
curl https://api.roasos.com/v1/limits \
-H "Authorization: Bearer roasos_sk_..."