Skip to main content
All API requests require an API key. You can create and manage keys from the Scrip dashboard.

Using Your API Key

API keys use the sk_ prefix. Pass your key in the Authorization header: 
curl https://api.scrip.dev/v1/programs \
  -H "Authorization: Bearer sk_your_api_key"
You can also use the X-API-Key header: 
curl https://api.scrip.dev/v1/programs \
  -H "X-API-Key: sk_your_api_key"
API keys have full read and write access to all resources in your organization.
Keep your API keys secret. Do not expose them in client-side code or commit them to version control.

Rate Limits

Requests are rate-limited per organization:
LimitValue
Sustained rate10 requests/second
Burst30 requests
All API keys within the same organization share a single rate limit bucket. When exceeded, the API returns 429 Too Many Requests with a Retry-After header. Every response includes rate limit headers:
HeaderDescription
X-RateLimit-LimitMaximum burst capacity
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp (seconds) when the bucket is fully replenished
Retry-AfterSeconds to wait before retrying (only present on 429 responses)
Need higher throughput? Contact us about enterprise rate limits.

Errors

StatusCodeMeaning
401unauthorizedMissing, invalid, or revoked API key
403forbiddenValid key but not permitted for this route
429too_many_requestsRate limit exceeded
Error responses follow a standard shape: 
{
  "code": "unauthorized",
  "message": "invalid or revoked API key"
}