Authentication
API keys, scopes, and organization access for the Aether API.
The Aether API uses API keys for authentication. Every request must include your key in the Authorization header as a Bearer token.
Authorization: Bearer aeth_live_your_key_hereAPI key scopes
| Scope | Description |
|---|---|
full | Read and write access to all resources |
read_only | Read access only — cannot create or modify resources |
profiles_only | Can only list and read connected social profiles |
Keys can optionally be restricted to specific allowedProfileIds at creation time.
Creating API keys
From the dashboard: API Keys → Create Key.
Each key has prefix aeth_live_ (production) or aeth_test_ (test) so you can identify the environment at a glance. The full key is shown once at creation.
You can also manage keys via POST /v1/api-keys — see API Reference.
Key rotation
Revoke keys from the dashboard or DELETE /v1/api-keys/:id. Revoked keys return 401 Unauthorized immediately.
Rate limits
Rate limits apply per API key. Response headers on every request:
| Header | Description |
|---|---|
X-RateLimit-Limit | Requests allowed per minute |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
On 429 Too Many Requests, respect the Retry-After header before retrying.
Dashboard sessions
The developer dashboard uses JWT session auth (POST /v1/auth/signin) — separate from API keys. API documentation covers API key access only.