API Key Authentication

The Reap Automation API uses API key authentication. You’ll need to include your API key in the Authorization header of every request.

Getting Your API Key

  1. Log in to your Reap dashboard
  2. Navigate to Profile > Settings > API Keys
  3. Click Create a Secret Key
  4. Give your key a descriptive name. This is only for your reference.
  5. Optionally, set an expiration date for the key. Keys are not expired by default.
  6. Click Create Key to generate the API key.
  7. Copy the generated API key (store it securely - you won’t be able to see it again)

Keep your API key secure! Don’t commit it to version control or share it publicly. Store it in environment variables or a secure configuration management system.

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer prefix:

curl -X GET "https://public.reap.video/api/v1/automation/get-all-projects" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Authentication Headers

HeaderValueRequired
AuthorizationBearer YOUR_API_KEYYes
Content-Typeapplication/jsonYes

API Key Management

Security Best Practices

Environment Variables

Store your API key in environment variables rather than hardcoding it in your application.

Regular Rotation

Rotate your API keys regularly for enhanced security.

Least Privilege

Use separate API keys for different environments (development, staging, production).

Monitor Usage

Monitor your API key usage to detect any unauthorized access.

Key Expiration

API keys do not expire by default. You can:

  • Set custom expiration dates when creating keys
  • Create non-expiring keys (recommended for production)
  • Monitor expiration dates in your dashboard
  • Revoke keys at any time

Revoking API Keys

To revoke an API key:

  1. Go to Profile > Settings > API Keys in your dashboard
  2. Find the key you want to revoke
  3. Click Revoke or Delete

Revoking an API key immediately invalidates all requests using that key. Make sure to update your applications before revoking keys.

Rate Limiting

All API requests are subject to rate limiting:

  • 10 requests per minute per API key
  • Rate limit headers are included in all responses
  • Exceeding limits returns a 429 Too Many Requests error

Rate Limit Headers

HeaderDescription
X-RateLimit-LimitMaximum requests per minute
X-RateLimit-RemainingRemaining requests in current window
X-RateLimit-ResetTime when rate limit resets (Unix timestamp)

Error Responses

Authentication Errors

Status CodeErrorDescription
401UnauthorizedMissing or invalid API key
403ForbiddenAPI key doesn’t have required permissions
429Too Many RequestsRate limit exceeded

Example Error Response

{
  "error": "Unauthorized",
  "message": "Invalid API key",
  "status": 401
}

Testing Authentication

Test your API key with a simple request to get your presets:

curl -X GET "https://public.reap.video/api/v1/automation/get-all-presets" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

A successful response indicates your authentication is working correctly.