Getting Started

Authentication

2 min read

Every Renidly request is authenticated with a single header. Two steps to get from a fresh account to a verified, working integration.

Renidly uses a long-lived API key. There's no OAuth dance, no token refresh — just a header on every request. Each workspace has exactly one active key, scoped to that workspace — a Personal key can't call Enterprise endpoints and vice versa.

1Copy your API key

Open Workspace → API Keys

Sign in, open Workspace → API Keys, and get your key. Copy it immediately and store it in a secret manager (1Password, Doppler, Vault, AWS Secrets Manager, or your runtime's environment).

2Send it on every request

The `X-renidly-apikey` header

Add the header to any request. The Tier endpoint is a good way to verify your key — it costs zero credits and returns your live credit balance, current tier, and the per-minute rate limit for that tier.

curl https://renidly.com/api/panel/credits/tier/k/ \
  -H "X-AUTHAPI-Key: $RENIDLY_API_KEY"

A working key returns 200 OK

{
  "success": true,
  "message": "Tier info retrieved",
  "errors": null,
  "data": {
    "balance": 4782.0,
    "credits_per_dollar": 100,
    "current_tier": {
      "name": "Hobby",
      "min_credits": 100,
      "max_credits": 9999,
      "limit_per_minute": 30
    },
    "next_tier": {
      "name": "Scale",
      "min_credits": 10000,
      "max_credits": 99999,
      "limit_per_minute": 120,
      "credits_needed": 5218.0
    },
    "previous_tier": {
      "name": "Testing",
      "min_credits": 0,
      "max_credits": 99,
      "limit_per_minute": 7
    }
  }
}

Check	Expected value
success	true
data.balance	Your remaining credit balance
data.current_tier.limit_per_minute	Requests per minute allowed at your tier
data.next_tier.credits_needed	Credits needed to reach the next tier

Something went wrong?

If the key wasn't recognised, the body comes back with success: false and the reason in message:

{
  "success": false,
  "statusCode": 200,
  "message": "API key missing or invalid",
  "errors": null,
  "data": null
}

Issue	Fix
Wrong header name	Use `X-renidly-apikey` — case-insensitive, but no `Bearer` prefix.
Missing trailing slash	Account routes under `/api/panel/` must end with `/`.
Typo or truncated key	Re-copy the full value from API Keys.
Rotated key	If you rotated, every integration needs the new value. Rotate again from API Keys if you suspect a leak.
Wrong workspace	The key only works for the workspace it was issued in. See API Keys & Workspaces.

Keep your key safe

Treat API keys like database credentials. Concrete practices we recommend:

Never commit keys. Use environment variables, not source code. Add a pre-commit hook that scans for the RENIDLY_API_KEY string.
Never expose keys client-side. Browser JavaScript, mobile apps, and shared browser extensions are all visible to the user. Proxy through your backend.
Rotate on suspicion. Revoke immediately if a teammate leaves, a laptop is lost, or you find the key in a log.
Monitor usage. Watch the dashboard for unexpected spikes — they're usually the first signal that a key has leaked.

export RENIDLY_API_KEY="rnd_abc123..."

← Previous

Quickstart

Your first API call

Open Workspace → API Keys

The X-renidly-apikey header

A working key returns 200 OK

Something went wrong?

Keep your key safe

The `X-renidly-apikey` header