Authentication Guide

Learn how to authenticate with the WebScout API using API keys. All API requests require proper authentication.

API Key Authentication

WebScout employs industry-standard API key authentication with Bearer token authorization. Secure your requests with encrypted API keys and enjoy enterprise-grade protection.

Header Format 
Authorization: Bearer YOUR_API_KEY

📝 Getting Started

  1. Generate an API key using the form below
  2. Include the API key in the Authorization header of your requests
  3. Make requests to the protected endpoints
  4. Monitor your usage and rate limits
POST /v1/auth/generate-key Generate API Key
Generate a new API key for accessing the WebScout API. Each key has configurable rate limits and permissions.

Request Parameters

username string required
Unique username for the API key holder.
name string required
Display name or description for the API key.
rate_limit integer optional
Requests per minute limit. Default: 60

🔑 Generate API Key

POST /v1/auth/validate-key Validate API Key
Validate an existing API key and retrieve information about its permissions and usage.

Validate Key

🛡️ Security Best Practices

🔒

Keep Keys Secret

Never expose your API keys in client-side code or public repositories.

🔄

Rotate Regularly

Regularly rotate your API keys to maintain security.

📊

Monitor Usage

Keep track of your API usage and set appropriate rate limits.

🌐

Use HTTPS

Always use HTTPS when making API requests to protect your keys in transit.

⚡ Rate Limiting

API requests are subject to rate limiting to ensure fair usage and system stability. Rate limits are enforced per API key and are measured in requests per minute.

Tier
Rate Limit
Description
Free
60/min
Default rate limit for new keys
Premium
300/min
Higher limits for premium users
Enterprise
1000/min
Custom limits for enterprise

Rate Limit Headers

Each API response includes headers with rate limit information:

  • X-RateLimit-Limit - Your rate limit ceiling for that given request
  • X-RateLimit-Remaining - Number of requests left for the time window
  • X-RateLimit-Reset - UTC epoch seconds when the rate limit resets