Skip to main content

Authentication

All Ariftly API requests require authentication using an API key.

API keys

API keys are long-lived tokens scoped to your Ariftly organization. You can create and manage them in the dashboard under Settings → API Keys.

Creating an API key

  1. Navigate to Settings → API Keys in the dashboard
  2. Click Generate New Key
  3. Give it a descriptive name (e.g., CI/CD Pipeline - Production)
  4. Copy the key immediately — it is only shown once

Key format

ariftly_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keys prefixed with ariftly_sk_live_ are production keys. Test keys (for development/staging) use ariftly_sk_test_.

Using your API key

Include your API key as a Bearer token in the Authorization header on every request:

curl https://api.ariftly.io/v1/projects \
  -H "Authorization: Bearer ariftly_sk_live_xxxx"

SDK usage

import { Ariftly } from '@ariftly/sdk';

const client = new Ariftly({
  apiKey: process.env.ARIFTLY_API_KEY,
});
from ariftly import Ariftly

client = Ariftly(api_key=os.environ["ARIFTLY_API_KEY"])

Security best practices

Never commit API keys

Do not hardcode API keys in source code or commit them to version control. Use environment variables or a secrets manager.

  • Store keys in environment variables (ARIFTLY_API_KEY)
  • Use separate keys per environment (development, staging, production)
  • Use separate keys per service or CI/CD pipeline
  • Rotate keys regularly and immediately after suspected compromise
  • Revoke keys that are no longer in use

Error responses

Authentication errors return 401 Unauthorized:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key",
    "request_id": "req_abc123"
  }
}

If your key is valid but lacks permission for the requested action, you'll receive 403 Forbidden:

{
  "error": {
    "code": "forbidden",
    "message": "This API key does not have permission to perform this action",
    "request_id": "req_def456"
  }
}

Rate limits

PlanRequests per minuteRequests per day
Starter601,000
Growth30010,000
EnterpriseCustomCustom

Rate limit headers are included on every response:

X-RateLimit-Limit: 300
X-RateLimit-Remaining: 287
X-RateLimit-Reset: 1711362060

When rate limited, the API returns 429 Too Many Requests.