Renidlyrenidly
Core Concepts

API Keys & Workspaces

2 min read

Each Renidly workspace has exactly one active API key, scoped to that workspace. Understanding the workspace model up front prevents the most common integration mistake — calling an Enterprise endpoint with a Personal key, or vice versa.

Two workspace tiers

Every Renidly account has one or both of these workspaces enabled. They differ in rate limits, the endpoint surface they expose, and billing — not in the structured data they return.

WorkspaceWho it is forPer-minute limitHeader
PersonalSolo developers, side projects, evaluation.Tier-based (see Rate Limits)X-renidly-apikey
EnterpriseProduction workloads, teams, higher throughput, SSO.NegotiatedX-renidly-apikey

Getting your key

  1. Sign in and open Workspace → API Keys.
  2. Copy the key value shown on the page.
  3. Store it in a secret manager (1Password, Vault, AWS Secrets Manager, Doppler) and reference it as RENIDLY_API_KEY in your runtime.

Rotating your key

Because there's only ever one active key per workspace, rotation is destructive — the old key stops working the instant the new one is issued. Plan the rollout so your services pick up the new value before the cutover.

  1. Stage the new key as a secondary secret in your secret manager (e.g. RENIDLY_API_KEY_NEXT).
  2. Deploy a release that prefers RENIDLY_API_KEY_NEXT if it's set, falling back to RENIDLY_API_KEY.
  3. Trigger the rotation from Workspace → API Keys. The dashboard reveals the new value.
  4. Write the new value into RENIDLY_API_KEY_NEXT across your environments. Workers pick it up on their next reload.
  5. Once all instances are using the new value, promote it to RENIDLY_API_KEY and remove the _NEXT shim in the next release.

Permissions and scopes

Today, the active key has full access to every endpoint exposed in its workspace. Per-endpoint scopes are on the roadmap

Security incident response

If you suspect your key has leaked:

  1. Rotate immediately from API Keys — the old value stops working the instant the new one is issued.
  2. Check the request logs for unexpected calls in the last 24 hours.
  3. Email [email protected] with the approximate compromise window — we can confirm whether any pre-rotation usage occurred and from what IPs.
  4. Rotate any other secrets that may have been stored alongside the Renidly key.
← Previous
Your first API call
Next →
Response Envelope