API keys
Every request is authenticated with an API key. Keys are created and managed from your free RankNibbler account.
Creating & managing keys
Keys are created, listed and revoked from your API dashboard — there's no anonymous endpoint to mint one.
- Create a free account (or sign in).
- Open your API dashboard and create an API key.
- Copy it immediately — for security the key is shown once and can't be retrieved again.
Keys look like rnk_live_…. We store only a hash, so a lost key can't be recovered — just create a new one.
You can hold up to 10 keys at once. Multiple keys are for organising and rotating access — e.g. one per app — so you can revoke a single key without disrupting the others. Revoking a key disables it immediately.
Using a key
Send it as an X-API-Key header (preferred) or a ?key= query parameter. See Authentication for examples.
Keeping keys safe
- Call the API from your server, never from public client-side code.
- Don't commit keys to source control — use environment variables.
- Rotate keys periodically, and revoke any that may have leaked from your dashboard.
Tiers & limits
The free tier includes 100 requests per day, counted globally across your whole account and shared by all your keys — creating more keys does not add quota. Each response carries a usage object so you can track consumption, and going over returns 429 — see Rate limits.