Authentication

All public API endpoints require an API key in the header for authentication.

API Key Header

Include your API key in the request header:

x-api-key: YOUR_API_KEY

API Version

Important: The Public API now uses version v1: /api/v1/public/*

The old paths (/api/reviews, /api/aggregations, /api/clusters) are still supported for backward compatibility, but redirect internally to the new v1 endpoints.

Base URL: https://api.proofio.app/api/v1/public/

Getting Your API Key

You will receive your API key when creating a project in the dashboard. Each project has its own unique API key that you can use to authenticate requests.

Rate Limiting

The Public API has plan-based monthly rate limits:

  • STARTER: 300 requests/month
  • GROWTH: 10,000 requests/month
  • SCALE: 50,000 requests/month

Limits are reset monthly (on the 1st of the month).

Rate limit information is returned in response headers:

  • X-RateLimit-Limit - Maximum allowed requests per month
  • X-RateLimit-Remaining - Remaining requests in the current month
  • X-RateLimit-Reset - Unix timestamp (seconds) when the limit resets
  • X-RateLimit-Reset-After - Seconds until reset

When the limit is exceeded, HTTP 429 (Too Many Requests) is returned.

Using the SDK (Recommended)

The easiest way to authenticate is using our official SDK:

Install SDK

npm install proofio-sdk

TypeScript/JavaScript Example

import { Proofio } from 'proofio-sdk';

const proofio = new Proofio({ apiKey: 'YOUR_API_KEY' });

// The SDK handles authentication automatically
const reviews = await proofio.reviews.list();

Manual API Requests

If you prefer to use the API directly, include the API key in headers:

cURL Example

curl https://api.proofio.app/api/v1/public/reviews \
  -H "x-api-key: YOUR_API_KEY"

JavaScript Example

const headers = {
  "x-api-key": "YOUR_API_KEY",
  "Content-Type": "application/json",
};

const response = await fetch("https://api.proofio.app/api/v1/public/reviews", {
  headers,
});

Security Best Practices

  • Never expose your API key in client-side code
  • Store API keys securely using environment variables
  • Rotate API keys regularly, and immediately if one is compromised
  • Use HTTPS in production to encrypt requests
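
The following is an added example, not code from Proofio or its SDK. It shows a server-side client that follows the practices above and reads the rate-limit headers described under Rate Limiting. The environment variable name PROOFIO_API_KEY and all helper names are assumptions made for illustration.

```javascript
// Added example: PROOFIO_API_KEY and the helper names are assumptions.
const BASE_URL = "https://api.proofio.app/api/v1/public/";

// Take the key from the environment so it never lives in source or a bundle.
function buildHeaders(env) {
  const key = (env.PROOFIO_API_KEY || "").trim();
  if (!key) throw new Error("PROOFIO_API_KEY is not set");
  return { "x-api-key": key };
}

// Resolve a path and refuse any URL that would carry the key over plain
// HTTP or to a location outside the public API base.
function endpointUrl(path) {
  const url = new URL(path, BASE_URL);
  if (url.protocol !== "https:" || !url.href.startsWith(BASE_URL))
    throw new Error("refusing to send API key to " + url.href);
  return url.href;
}

// Read the documented rate-limit headers; `headers` needs a get(name) method.
function parseRateLimit(headers) {
  const num = (name) => {
    const v = headers.get(name);
    return v === null || v === undefined || v === "" ? null : Number(v);
  };
  return {
    limit: num("X-RateLimit-Limit"),
    remaining: num("X-RateLimit-Remaining"),
    resetAt: num("X-RateLimit-Reset"), // Unix seconds
    resetAfter: num("X-RateLimit-Reset-After"), // seconds
  };
}

// Milliseconds until a retry can succeed: 0 unless HTTP 429, null if unknown.
function retryDelayMs(status, rl, nowMs = Date.now()) {
  if (status !== 429) return 0;
  if (Number.isFinite(rl.resetAfter)) return Math.max(0, rl.resetAfter * 1000);
  if (Number.isFinite(rl.resetAt)) return Math.max(0, rl.resetAt * 1000 - nowMs);
  return null;
}

// GET /reviews; fetchImpl is injectable so the call can be tested offline.
async function listReviews(env = process.env, fetchImpl = fetch) {
  const res = await fetchImpl(endpointUrl("reviews"), { headers: buildHeaders(env) });
  const rateLimit = parseRateLimit(res.headers);
  if (res.status === 429) throw Object.assign(new Error("monthly rate limit exceeded"),
    { retryAfterMs: retryDelayMs(429, rateLimit) });
  if (!res.ok) throw new Error("request failed with HTTP " + res.status);
  return { reviews: await res.json(), rateLimit };
}
```

Because the limits reset monthly, the delay returned on a 429 can be days long, so surface it to the caller or a scheduler instead of sleeping in a retry loop.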