Authentication | Coperniq API

Authentication

All production API requests must include a valid API key in the x-api-key request header:

GET /projects HTTP/1.1
Host: api.coperniq.io
x-api-key: YOUR_API_KEY

  • Generate an API key via POST /api-keys using Basic Auth (see API Key in the sidebar for the full endpoint).
  • Store API keys securely and rotate them regularly.
  • You can create multiple keys for different environments or integrations.
  • API keys take on the role of the user authenticated when posting to /api-keys.
  • Send your API key on every request using the x-api-key header for all endpoints in the API Reference.

Best practices for storing API keys

  • Never commit keys to source control. Use environment variables, a secrets manager, or your platform’s secure config (e.g. GitHub Secrets, AWS Secrets Manager, Vault).
  • Use different keys per environment. Separate keys for development, staging, and production make rotation and revocation safer.
  • Restrict key access. Only give key access to systems and people that need it; avoid sharing keys in chat, email, or docs.

How API keys work

  • Scope: Each key is tied to the Coperniq user who created it. Requests made with that key run with that user’s permissions and see only the data that user can access.
  • Expiration: API keys do not expire.

Rate limits

  • Per second: 100 requests per second per API key.
  • Per day: 5,000 requests per day per API key.
  • Scope: Counts apply to all endpoints that require the x-api-key header; POST /api-keys (key generation) is not counted.
  • If you exceed a limit, the API returns 429 Too Many Requests. Reduce request volume or reach out to support@coperniq.io to request a temporary limit increase.

Rate limit headers

Every authenticated response includes headers so you can track your usage programmatically:

Header                | Description                                    | Example
X-RateLimit-Limit     | Maximum requests allowed in the current period | 5000
X-RateLimit-Remaining | Requests remaining in the current period       | 4832

HTTP/1.1 200 OK
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4832

Use these headers to implement backoff logic in your integration and avoid hitting 429 errors.

Note: X-RateLimit-Remaining is an approximate value, not a real-time counter. Usage data from AWS may lag by a few minutes, and the value is cached for up to 60 seconds per API key. Do not rely on it for precise accounting — treat it as a near-term estimate of your remaining quota.
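
The storage and backoff guidance above, as an added example (not code from Coperniq): it reads the key from an environment variable, masks the x-api-key header for logging, and turns a response's status and rate limit headers into a wait time. The variable name COPERNIQ_API_KEY, the low_water margin, and the backoff constants are assumptions chosen for illustration.

```python
import os
import random

API_KEY_ENV = "COPERNIQ_API_KEY"  # assumed variable name, not defined by the API docs


def load_api_key(env=None):
    """Read the key from the environment so it never lives in source control."""
    env = os.environ if env is None else env
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return key


def redact(headers):
    """Copy of the request headers that is safe to write to logs."""
    return {k: "***" if k.lower() == "x-api-key" else v for k, v in headers.items()}


def next_delay(status, headers, attempt, low_water=100, base=1.0, cap=60.0,
               jitter=random.random):
    """Seconds to wait before the next request, given the last response."""
    if status == 429:
        # Limit exceeded: exponential backoff, half fixed and half random.
        step = min(cap, base * 2 ** attempt)
        return step / 2 + (step / 2) * jitter()
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        remaining = int(lowered["x-ratelimit-remaining"])
    except (KeyError, ValueError):
        return 0.0  # header absent or malformed: no basis for throttling
    # The value is approximate and may be stale, so slow down
    # before it reaches zero instead of waiting for a 429.
    return base if remaining <= low_water else 0.0


if __name__ == "__main__":
    # Constructed sample responses: (status, headers)
    samples = [
        (200, {"X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "4832"}),
        (200, {"X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "40"}),
        (429, {}),
    ]
    for attempt, (status, hdrs) in enumerate(samples):
        print(status, next_delay(status, hdrs, attempt))
    print(redact({"x-api-key": "constructed-key", "Accept": "application/json"}))
```

Call next_delay after every response and sleep for the returned number of seconds before sending the next request; pass the result of redact, never the raw headers, to any logger.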