Authentication#
Every request to the Rustbox API must include a valid API key.
API key format#
Keys follow the format:
rb_live_<random>
Example: rb_live_k7x9m2p4q8w1n5v3
Keys are provisioned when you request access. Each key is scoped to your account and tracks usage for rate limiting.
Authenticating requests#
Include your API key in the X-API-Key header:
curl -X POST "https://api.rustbox.orkait.com/api/submit?wait=true" \
-H "Content-Type: application/json" \
-H "X-API-Key: rb_live_your_key_here" \
-d '{"language": "python", "code": "print(42)"}'Error responses#
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid API key |
429 Too Many Requests | Rate limit exceeded |
A 401 response body:
{
"error": "unauthorized",
"message": "Missing or invalid API key"
}Rate limits#
| Tier | Requests/min | Concurrent executions |
|---|---|---|
| Beta | 60 | 10 |
When you exceed the rate limit, the response includes a Retry-After header indicating how many seconds to wait before retrying.
Security#
- Transmit your API key only over HTTPS. All API endpoints enforce TLS.
- Do not embed keys in client-side code. Make API calls from your backend.
- If a key is compromised, contact us immediately for rotation.
Constant-time comparison is used for all key validation to prevent timing attacks.