All API endpoints require an API key passed as a Bearer token.
Creating a key
- Go to Dashboard → API Keys
- Click Create key
- Give it a name (e.g.
production,dev) - Copy the key — it's shown only once
Using the key
Pass the key in the Authorization header on every request:
Authorization: Bearer wg_your_key
Security
- Keys are stored as SHA-256 hashes — we never store the raw key
- If you lose a key, delete it and create a new one
- Each key can be revoked independently from the dashboard
Error responses
| Code | Meaning |
|---|---|
401 | Missing or invalid API key |
402 | Insufficient credits |
429 | Rate limit exceeded (60 req/min per key) |
Rate limits
Each API key is limited to 60 requests per minute. If you exceed this, you'll receive a 429 response. The limit resets every 60 seconds.
For higher limits, contact us or upgrade to the Scale or Enterprise plan.
WebGlean