Authentication
Every request authenticates with a Bearer key. Create and rotate keys in Dashboard → API Keys. Keys are shown once at creation — store them in a secret manager, never in client-side code.
Authorization: Bearer cf_live_xxxxxxxxxxxxxxxxxxxxKeys are hashed at rest; we only store a display prefix (cf_live_abcd…). A
missing, malformed, or revoked key returns 401. Rate limits apply per key and
ride on every response:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1718100000