Authentication

All production API requests must include a valid API key in your headers:

GET /projects HTTP/1.1
Host: api.coperniq.io
x-api-key: YOUR_API_KEY

  • Generate an API key via POST /api-keys using Basic Auth (see API Key in the sidebar for the full endpoint).
  • Store API keys securely and rotate them regularly.
  • You can create multiple keys for different environments or integrations.
  • API keys take on the role of the user authenticated when posting to /api-keys.
  • Send your API key on every request using the x-api-key header for all endpoints in the API Reference.

Best practices for storing API keys

  • Never commit keys to source control. Use environment variables, a secrets manager, or your platform’s secure config (e.g. GitHub Secrets, AWS Secrets Manager, Vault).
  • Use different keys per environment. Separate keys for development, staging, and production make rotation and revocation safer.
  • Restrict key access. Only give key access to systems and people that need it; avoid sharing keys in chat, email, or docs.

How API keys work

  • Scope: Each key is tied to the Coperniq user who created it. Requests made with that key run with that user’s permissions and see only the data that user can access.
  • Expiration: API keys do not expire.

Rate limits

  • Per second: 100 requests per second per API key.
  • Per day: 5,000 requests per day per API key. The daily limit resets every 24 hours (rolling window).
  • Scope: Counts apply to all endpoints that require the x-api-key header; POST /api-keys (key generation) is not counted.
  • If you exceed a limit, the API returns 429 Too Many Requests. Reduce request volume or reach out to support@coperniq.io to request a temporary limit increase.
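
Added example (not Coperniq's own code): a client-side helper that reads the key from an environment variable and paces requests for one key to stay inside the per-second and per-day limits listed above. The variable name COPERNIQ_API_KEY, the function and class names, and the treatment of both limits as sliding windows are assumptions.

```python
import os
from collections import deque

PER_SECOND = 100     # from the page: 100 requests per second per API key
PER_DAY = 5000       # from the page: 5,000 requests per day per API key
DAY = 24 * 60 * 60   # seconds in the 24-hour window


def auth_headers(env_var="COPERNIQ_API_KEY"):
    """Build the x-api-key header from the environment (variable name is an assumption)."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to send an unauthenticated request")
    return {"x-api-key": key}


class KeyBudget:
    """Sliding-window counter for one API key, covering both documented limits."""

    def __init__(self, per_second=PER_SECOND, per_day=PER_DAY):
        self.per_second, self.per_day = per_second, per_day
        self.sent = deque()  # timestamps of requests sent in the trailing 24 hours

    def wait_time(self, now):
        """Seconds to wait before the next request fits both limits (0.0 = send now)."""
        while self.sent and now - self.sent[0] >= DAY:
            self.sent.popleft()  # forget requests older than 24 hours
        wait = 0.0
        if len(self.sent) >= self.per_day:
            # The oldest request still counted must age out of the 24-hour window.
            wait = self.sent[-self.per_day] + DAY - now
        if len(self.sent) >= self.per_second:
            # The 100th most recent request must be at least one second old.
            wait = max(wait, self.sent[-self.per_second] + 1.0 - now)
        return max(wait, 0.0)

    def record(self, now):
        """Call once for every request actually sent with this key."""
        self.sent.append(now)


if __name__ == "__main__":
    budget, clock = KeyBudget(), 0.0  # constructed clock, no network calls
    for _ in range(250):
        clock += budget.wait_time(clock)
        budget.record(clock)
    print(f"250 requests paced over {clock:.1f}s")
```

Keep one KeyBudget per key, since the limits are counted per API key, and still handle 429 responses because other processes using the same key draw on the same allowance.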