ReachScore Docs
API Reference

API Keys

Create and manage API keys for authenticating API requests. Keys can be scoped to specific permissions.

Key Prefixes

rk_live_
Live mode keys

Production keys that access real data and count against usage limits.

rk_test_
Test mode keys

Sandbox keys that return simulated data and don't count against limits.

Create a new API key. The full key is only shown once at creation time - store it securely.

Request Bodyrequired

namestringrequired

Display name for the key

scopesarray

Permission scopes (default: all scopes)

tests:readtests:writedomains:readdomains:writemonitors:readmonitors:writewebhooks:managebilling:manage
expires_atstring<date-time>

Optional expiration date

Response

idstring

Key identifier (key_xxx)

objectstring

Always 'api_key'

namestring
keystring

The full API key (only shown once!)

key_hintstring

Last 4 characters for identification

scopesarray
created_atstring<date-time>
expires_atstring<date-time>

Example Request

curl -X POST https://api.reachscore.co/v1/keys \
  -H "Authorization: Bearer rk_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI/CD Pipeline",
    "scopes": ["tests:read", "tests:write"]
  }'

Example Response

{
  "id": "key_3iS8wW2xYbC4",
  "object": "api_key",
  "name": "CI/CD Pipeline",
  "key": "rk_live_newkeyvalue123abc...",
  "key_hint": "...abc",
  "scopes": ["tests:read", "tests:write"],
  "created_at": "2026-03-11T10:30:00Z",
  "expires_at": null,
  "livemode": true
}

Authentication Context

Returns information about the currently authenticated API key and its associated organization, permissions, and usage.

Response

key_idstring
key_namestring
scopesarray
organizationobject

Organization details

usageobject

Current usage statistics

livemodeboolean

Example Request

curl https://api.reachscore.co/v1/auth/me \
  -H "Authorization: Bearer rk_live_xxx"

Example Response

{
  "key_id": "key_3iS8wW2xYbC4",
  "key_name": "CI/CD Pipeline",
  "scopes": ["tests:read", "tests:write"],
  "organization": {
    "id": "org_abc123",
    "name": "Your Company",
    "plan": "team"
  },
  "usage": {
    "tests_this_month": 145,
    "tests_limit": 1000,
    "domains": 3,
    "domains_limit": 10
  },
  "livemode": true
}

Security Best Practices

  • Store API keys in environment variables, never in code
  • Use the minimum required scopes for each key
  • Rotate keys periodically and after any suspected exposure
  • Create separate keys for different environments and services
  • Monitor key usage and revoke unused keys
Previous: TeamNext: Billing