API Key authentication
Every request to the Rushed API requires an API key sent via the X-API-Key header.
curl https://worker.rushed.com.br/api/articles \
-H "X-API-Key: rsh_live_xxxxxxxxxxxxxxxxxxxx"
Getting your API key
- Sign in to the Rushed Dashboard
- Navigate to API Keys
- Click Create Key
- Configure the key name, expiration, and scopes
- Copy the key — it will only be shown once
| Prefix | Environment | Usage |
|---|
rsh_live_ | Production | Live data, counted against your plan quota |
rsh_test_ | Sandbox | Test data, not counted against quota |
Key scopes
When creating an API key, you can restrict its access to specific resources:
| Scope | Access |
|---|
read:articles | List, search, and retrieve articles |
read:entities | List, search, and retrieve entities |
read:breaking | Access breaking news endpoint |
* | Full access (all scopes) |
* (full access within your plan tier).
Key expiration
You can set an expiration when creating the key:
- No expiration — key is valid until manually revoked
- Custom duration — 30 days, 90 days, 1 year, or a specific date
- Expired keys return
401 Unauthorized
Rate limits by plan
Rate limits are enforced per API key:
| Plan | Requests / month | Requests / minute |
|---|
| Starter | 500,000 | 100 |
| Pro | 3,000,000 | 500 |
| Business | Unlimited | 2,000 |
Key rotation
To rotate a key without downtime:
- Create a new key in the dashboard
- Update your application to use the new key
- Verify the new key works
- Revoke the old key
Never commit API keys to source control. Use environment variables or a secrets manager.
Error responses
| Status | Meaning |
|---|
401 | Missing, invalid, or expired API key |
403 | Key does not have the required scope, or your plan does not include the requested module |
429 | Rate limit exceeded |
{
"success": false,
"error": "Invalid or missing API key. Get your key at https://dash.therushed.com.br/api-keys",
"statusCode": 401
}
