Aether
Guides

Authentication

API keys, scopes, and organization access for the Aether API.

The Aether API uses API keys for authentication. Every request must include your key in the Authorization header as a Bearer token.

Authorization: Bearer aeth_live_your_key_here

API key scopes

ScopeDescription
fullRead and write access to all resources
read_onlyRead access only — cannot create or modify resources
profiles_onlyCan only list and read connected social profiles

Keys can optionally be restricted to specific allowedProfileIds at creation time.

Creating API keys

From the dashboard: API Keys → Create Key.

Each key has prefix aeth_live_ (production) or aeth_test_ (test) so you can identify the environment at a glance. The full key is shown once at creation.

You can also manage keys via POST /v1/api-keys — see API Reference.

Key rotation

Revoke keys from the dashboard or DELETE /v1/api-keys/:id. Revoked keys return 401 Unauthorized immediately.

Rate limits

Rate limits apply per API key. Response headers on every request:

HeaderDescription
X-RateLimit-LimitRequests allowed per minute
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets

On 429 Too Many Requests, respect the Retry-After header before retrying.

Dashboard sessions

The developer dashboard uses JWT session auth (POST /v1/auth/signin) — separate from API keys. API documentation covers API key access only.

On this page