Authentication
The Rigyd API authenticates every request with a single header:
Authorization: Bearer rgyd_live_<43-char-token>That’s it. No OAuth, no signing, no expiring access tokens to refresh.
Get a key
Section titled “Get a key”Mint an API key in app.rigyd.com under Settings → API Keys. Click Create key, give it a name (e.g. production-backend), and optionally set an expires_at date.
The plaintext token is shown once at creation time. Store it in a secret manager — Rigyd only keeps a SHA-256 hash, so we cannot recover it for you.
Token shapes
Section titled “Token shapes”| Environment | Prefix | Example |
|---|---|---|
| Production | rgyd_live_ | rgyd_live_a1b2c3... (43 chars) |
| Other | rgyd_test_ | rgyd_test_a1b2c3... (43 chars) |
Use the key
Section titled “Use the key”curl https://api.rigyd.com/api/conversions \ -H "Authorization: Bearer rgyd_live_..."await fetch('https://api.rigyd.com/api/conversions', { headers: { Authorization: `Bearer ${process.env.RIGYD_API_KEY}` },});import os, requests
requests.get( "https://api.rigyd.com/api/conversions", headers={"Authorization": f"Bearer {os.environ['RIGYD_API_KEY']}"},)What happens if the key is bad
Section titled “What happens if the key is bad”| Situation | Status | Body |
|---|---|---|
Missing Authorization header | 401 | { "error": "Authentication required" } |
| Unknown / revoked / expired key | 401 | { "error": "Invalid API key" } |
| Key valid but no credits left | 402 | { "error": "Insufficient credits" } |
See Errors for the full table.
Rotation and revocation
Section titled “Rotation and revocation”Both happen in app.rigyd.com → Settings → API Keys:
- Rotate: create a new key, ship it, then revoke the old one.
- Revoke immediately if a key leaks — every authenticated request after the revoke call returns
401.
The Rigyd API does not currently expose key management programmatically by design — a leaked key cannot mint or revoke other keys.