Authentication

VoxBurst uses API key authentication. All requests require a Bearer token in the Authorization header.

API Keys


Authorization: Bearer sk_live_xxxxxxxxxxxxx

API keys are prefixed with:

sk_live_ — Production keys
sk_test_ — Staging/test keys

Create and manage your API keys in the VoxBurst dashboard .

Keep your API keys secret. Never commit them to version control or expose them in client-side code.

Scopes

API keys can be scoped to specific permissions. Use the minimum scopes required for your use case.

Scope	Description
`posts:read`	Read posts and their status
`posts:write`	Create, update, delete, and publish posts
`accounts:read`	List connected social accounts
`accounts:write`	Connect and disconnect social accounts
`media:read`	View uploaded media files
`media:write`	Upload and delete media files
`webhooks:read`	View webhook configurations
`webhooks:write`	Create, update, and delete webhooks

Rate Limiting

Rate limits are applied per API key based on your plan:

Plan	Requests/Minute
Free	60
Solo	120
Pro	300
Team	600
Business	1,200

Rate limit information is returned in response headers:


X-RateLimit-Limit: 120
X-RateLimit-Remaining: 118
X-RateLimit-Reset: 1707753600

When rate limited, the API returns 429 Too Many Requests with a Retry-After header indicating when to retry.

Rate Limit Headers

Every API response includes headers to help you manage request pacing:

Header	Description	Example
`X-RateLimit-Limit`	Maximum requests allowed per minute	`120`
`X-RateLimit-Remaining`	Requests remaining in current window	`118`
`X-RateLimit-Reset`	Unix timestamp when the limit resets	`1707753600`

Example Response with Rate Limit Headers


HTTP/1.1 200 OK
Content-Type: application/json
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 118
X-RateLimit-Reset: 1707753600
 
{
  "id": "post_abc123",
  "content": "Hello from VoxBurst!",
  "status": "SCHEDULED"
}

Use different API keys for development and production environments to limit the blast radius of a leaked key.

Environment Variables

Store your API key as an environment variable:


# .env
VOXBURST_API_KEY=sk_live_xxxxxxxxxxxxx


import { VoxBurstClient } from '@voxburst/sdk'
 
const client = new VoxBurstClient({
  apiKey: process.env.VOXBURST_API_KEY,
})

Error Responses

Authentication failures return:


{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Status	Code	Cause
`401`	`UNAUTHORIZED`	Missing or invalid API key
`403`	`FORBIDDEN`	Valid key but insufficient scope
`429`	`RATE_LIMITED`	Rate limit exceeded