Authentication
The Apertur API uses API keys for authentication. Keys are scoped to a project.
API key format
API keys follow the format:
aptr_{random}| Part | Value | Description |
|---|---|---|
| aptr | Fixed prefix | Identifies an Apertur key |
| random | 32 hex chars | Cryptographically random secret |
Example:
aptr_z9y8x7w6v5u4t3s2r1q0p9o8n7m6l5k4
Sending the API key
Include your API key in the Authorization header of every request using the Bearer scheme:
Authorization: Bearer aptr_xxxx
API keys must be kept secret. Never expose them in client-side JavaScript or commit them to version control. Use environment variables on your server.
Rate limits
The API applies rate limits per API key. Limits are returned in response headers:
X-RateLimit-Limit: 100 X-RateLimit-Remaining: 97 X-RateLimit-Reset: 1711627200
| Endpoint | Limit | Window |
|---|---|---|
| POST /api/v1/sessions | 100 requests | per minute |
| GET /api/v1/sessions | 300 requests | per minute |
| All other endpoints | 200 requests | per minute |
When a rate limit is exceeded, the API returns 429 Too Many Requests. See the Errors page for details.