Authentication
The API authenticates with a bearer API key. One header, on every request.
Get a key
Create an API key in Rendley under Settings -> API Keys. The key is shown once, at creation, so copy it then and store it somewhere safe. Treat it like a password: it grants full access to your account’s projects, media, and credits.
Send the key
Pass the key in the Authorization header as Bearer YOUR_API_KEY:
curl https://api.rendley.com/v1/workspaces \
-H "Authorization: Bearer YOUR_API_KEY"const res = await fetch("https://api.rendley.com/v1/workspaces", {
headers: { Authorization: "Bearer YOUR_API_KEY" },
});import requests
res = requests.get(
"https://api.rendley.com/v1/workspaces",
headers={"Authorization": "Bearer YOUR_API_KEY"},
)What needs auth
Every endpoint requires a valid key except the public template endpoints under /templates, which serve pre-built projects without authentication.
Errors
| Status | Meaning |
|---|---|
401 Unauthorized | The key is missing, malformed, or invalid. |
403 Forbidden | The key is valid but not allowed to access this resource. |
402 Payment Required | The account has too few credits for a billable operation. |
Error bodies follow the standard envelope:
{ "error": { "code": "UNAUTHORIZED", "message": "invalid api key" } }Good practice
- Keep keys server-side. Do not ship them in browser or mobile clients.
- Rotate a key from Settings if it leaks, and update your services.
- Use a separate key per environment so you can revoke one without affecting the others.