For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dashboard
User GuideDeveloper GuidesAPI Reference
User GuideDeveloper GuidesAPI Reference
  • Getting Started
    • Introduction
    • Authentication
    • Quickstart
  • Guides
    • Working with Tools
    • Runtime Tools
    • FPO Templates
    • Importing Products
  • Integrations
    • MCP Servers
Dashboard
LogoLogo
On this page
  • Authentication
  • Getting an API Key
  • Using Your API Key
  • API Key Formats
  • Permissions
  • Rate Limits
  • Error Responses
  • 401 Unauthorized
  • 403 Forbidden
  • 429 Too Many Requests
  • Best Practices
Getting Started

Authentication

Was this page helpful?
Previous

Quickstart

Next
Built with

Authentication

The Runtype API uses API keys for authentication. Include your API key in the Authorization header of every request.

Getting an API Key

  1. Log in to your Runtype Dashboard
  2. Go to Settings > API Keys
  3. Click Create New Key
  4. Give your key a descriptive name
  5. Select the permissions you need
  6. Copy your key - it won’t be shown again!

Keep your API keys secure. Never expose them in client-side code or commit them to version control.

Using Your API Key

Include the API key in the Authorization header with the Bearer scheme:

$curl https://api.runtype.com/v1/flows \
>  -H "Authorization: Bearer tv_live_abc123..."

API Key Formats

PrefixEnvironmentDescription
tv_live_ProductionFull access to production data
tv_test_TestSafe for testing, limited permissions

Permissions

API keys can be scoped to specific permissions:

PermissionDescription
*Full access to all resources
FLOWS:*Full access to flows
FLOWS:READRead flows
FLOWS:WRITECreate/update flows
FLOWS:EXECUTEExecute flows
RECORDS:*Full access to records
RECORDS:READRead records
RECORDS:WRITECreate/update records
PROMPTS:*Full access to prompts
ANALYTICS:READRead analytics data

Rate Limits

Default rate limits per API key:

  • 1,000 requests per hour
  • 10,000 requests per day

Rate limit headers are included in every response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1705320000

Error Responses

401 Unauthorized

1{
2  "error": "Unauthorized",
3  "details": "Invalid or missing API key"
4}

403 Forbidden

1{
2  "error": "Forbidden",
3  "details": "Missing required permission: FLOWS:WRITE"
4}

429 Too Many Requests

1{
2  "error": "Rate limit exceeded",
3  "details": "Hourly limit of 1000 requests reached"
4}

Best Practices

Use environment variables

Store API keys in environment variables, not in code:

$export RUNTYPE_API_KEY="tv_live_abc123..."
Use scoped permissions

Create API keys with only the permissions they need. A key that only reads data shouldn’t have write permissions.

Rotate keys regularly

Regenerate API keys periodically and update them in your applications.

Monitor usage

Check the API Keys section in your dashboard to monitor usage and detect unusual activity.