Authentication
VoxBurst uses API key authentication. All requests require a Bearer token in the Authorization header.
API Keys
Authorization: Bearer sk_live_xxxxxxxxxxxxxAPI keys are prefixed with:
sk_live_— Production keyssk_test_— Staging/test keys
Create and manage your API keys in the VoxBurst dashboard .
Keep your API keys secret. Never commit them to version control or expose them in client-side code.
Scopes
API keys can be scoped to specific permissions. Use the minimum scopes required for your use case.
| Scope | Description |
|---|---|
posts:read | Read posts and their status |
posts:write | Create, update, delete, and publish posts |
accounts:read | List connected social accounts |
accounts:write | Connect and disconnect social accounts |
media:read | View uploaded media files |
media:write | Upload and delete media files |
webhooks:read | View webhook configurations |
webhooks:write | Create, update, and delete webhooks |
Rate Limiting
Rate limits are applied per API key based on your plan:
| Plan | Requests/Minute |
|---|---|
| Free | 60 |
| Solo | 120 |
| Pro | 300 |
| Team | 600 |
| Business | 1,200 |
Rate limit information is returned in response headers:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 118
X-RateLimit-Reset: 1707753600When rate limited, the API returns 429 Too Many Requests with a Retry-After header indicating when to retry.
Environment Variables
Store your API key as an environment variable:
# .env
VOXBURST_API_KEY=sk_live_xxxxxxxxxxxxximport { VoxBurstClient } from '@voxburst/sdk'
const client = new VoxBurstClient({
apiKey: process.env.VOXBURST_API_KEY,
})Use different API keys for development and production environments to limit the blast radius of a leaked key.
Error Responses
Authentication failures return:
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}| Status | Code | Cause |
|---|---|---|
401 | UNAUTHORIZED | Missing or invalid API key |
403 | FORBIDDEN | Valid key but insufficient scope |
429 | RATE_LIMITED | Rate limit exceeded |