Authentication#
All API requests require authentication using an API key passed in the X-API-Key header.
API Key Types#
Reckon provides two types of API keys: public (client-side) and secret (server-side). When inputting your key, you must apply a prefix so the system knows what type you're using:
Example (public key): X-API-Key: pk_1234567890abcdef
Used for client-side operations
Rate limiting (dual limiting system):
10 requests per key, per IP address, per minute
60 requests per key, per minute
Whichever is more restrictive applies
Example (secret key): X-API-Key: sk_1234567890abcdef
Used for server-side operations
Must be kept secure and never exposed to clients
Rate limiting: 500 requests per key, per minute
Security Best Practices#
Keys can be created and managed in the Reckon app
Use public keys for client-facing use cases, like browser and mobile applications
Use secret keys for back-end functions, like running automated jobs or server-to-server integrations
Rate Limits#
All endpoints are subject to rate limiting based on your API key type.
Rate limit information is included in response headers:
X-RateLimit-Limit: Total requests allowed per minute
X-RateLimit-Remaining: Requests remaining in current window
X-RateLimit-Reset: Unix timestamp for next window reset
Error Handling#
When rate limits are exceeded, you'll receive a 429 Too Many Requests response with a Retry-After header.
Modified at 2025-08-06 21:23:25
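The following is an added example, not code from Reckon: a client-side wrapper that checks the key prefix before sending and backs off using the documented Retry-After and X-RateLimit-* headers. The `send` callable is a hypothetical transport returning `(status, headers, body)`; the example assumes Retry-After is a number of seconds and X-RateLimit-Reset is a Unix timestamp in seconds.

```python
import time

def key_type(api_key):
    """Classify a key by the documented prefix: pk_ (public) or sk_ (secret)."""
    if api_key.startswith("pk_"):
        return "public"
    if api_key.startswith("sk_"):
        return "secret"
    raise ValueError("API key must start with pk_ or sk_")

def wait_seconds(status, headers, now):
    """Seconds to pause before the next request, based on the response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429 and "retry-after" in h:
        try:
            # Assumption: Retry-After is a number of seconds (HTTP also allows a date).
            return max(0.0, float(h["retry-after"]))
        except ValueError:
            pass  # unusable value, fall back to X-RateLimit-Reset
    if status == 429 or h.get("x-ratelimit-remaining") == "0":
        try:
            # Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
            return max(0.0, float(h["x-ratelimit-reset"]) - now)
        except (KeyError, ValueError):
            return 1.0  # conservative default when no usable header is present
    return 0.0

def call_with_backoff(send, api_key, client_side, max_attempts=3,
                      sleep=time.sleep, clock=time.time):
    """Call send(headers) -> (status, headers, body), pausing on 429 responses."""
    if key_type(api_key) == "secret" and client_side:
        raise ValueError("secret (sk_) keys must never be used in client-side code")
    for _ in range(max_attempts):
        status, headers, body = send({"X-API-Key": api_key})
        if status != 429:
            return status, body
        sleep(wait_seconds(status, headers, clock()))
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)

if __name__ == "__main__":
    # Constructed responses: one 429 with Retry-After, then a success.
    replies = iter([(429, {"Retry-After": "2"}, ""), (200, {}, "ok")])
    print(call_with_backoff(lambda h: next(replies), "pk_1234567890abcdef",
                            client_side=True, sleep=lambda s: print("wait", s)))
```

`wait_seconds` can also be called after a successful response to pause proactively once X-RateLimit-Remaining reaches 0.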