
Authentication

The Covered API uses API keys to authenticate requests. You can create and manage API keys from your Covered Dashboard.

Creating an API key

  1. Go to Settings > API Keys in your dashboard
  2. Click Create API Key
  3. Give your key a descriptive name (e.g., “Production”, “Staging”, “ERP Integration”)
  4. Copy the key immediately - it won’t be shown again

API keys are sensitive credentials. Never share them in public repositories, client-side code, or logs.

Using your API key

Include your API key in the Authorization header of every request:
curl https://api.allcovered.xyz/v1/treasury/balance \
  -H "Authorization: Bearer cov_xxxxxxxxxxxxx"

API key format

All Covered API keys start with the prefix cov_:
cov_3ZmKDAT8JUAvmYPdDeaXJQvA

Rate limits

API requests are rate limited to 100 requests per minute per API key. Rate limit information is included in response headers:
Header                   Description
X-RateLimit-Limit        Maximum requests allowed per window
X-RateLimit-Remaining    Requests remaining in current window
X-RateLimit-Reset        Unix timestamp when the window resets

When you exceed the rate limit, you’ll receive a 429 Too Many Requests response:
{
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Please slow down your requests."
  }
}

Authentication errors

Status Code    Error Code         Description
401            MISSING_API_KEY    No API key provided in the Authorization header
401            INVALID_API_KEY    The API key is invalid or revoked
401            API_KEY_EXPIRED    The API key has expired
429            RATE_LIMITED       Too many requests

Security best practices

Store API keys in environment variables, not in code:
export COVERED_API_KEY=cov_xxxxxxxxxxxxx
Create new keys and revoke old ones periodically, especially if you suspect a key may have been compromised.
Create different API keys for development, staging, and production environments.
Check the dashboard regularly to monitor request volume and detect unusual activity.
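
The following client-side sketch ties together the environment-variable storage, the rate-limit headers and the error codes described above. It is an added example, not code from Covered; the function names, the 60-second fallback window and the assumption that 401 bodies share the error envelope shown for 429 are illustrative.

```python
import json
import os
import urllib.request

API_BASE = "https://api.allcovered.xyz/v1"  # base URL taken from the curl example
KEY_PREFIX = "cov_"
WINDOW_SECONDS = 60  # assumption: "100 requests per minute" means a 60 s window


def load_api_key(env=os.environ):
    """Read the key from COVERED_API_KEY; reject values without the cov_ prefix."""
    key = env.get("COVERED_API_KEY", "").strip()
    if not key.startswith(KEY_PREFIX) or len(key) <= len(KEY_PREFIX):
        raise ValueError("COVERED_API_KEY is unset or is not a cov_ key")
    return key


def redact(key):
    """Log-safe form of a key: the prefix and the last four characters only."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def build_request(path, key):
    """Build the authenticated request; nothing is sent until urlopen() is called."""
    return urllib.request.Request(
        API_BASE + path, headers={"Authorization": f"Bearer {key}"}
    )


def next_action(status, headers, body, now):
    """Map a response to ("ok", 0), ("wait", seconds) or ("fail", error_code)."""
    if status == 429:
        # Sleep until the window resets instead of retrying in a tight loop.
        reset = int(headers.get("X-RateLimit-Reset", now + WINDOW_SECONDS))
        return ("wait", max(reset - now, 1))
    if status == 401:
        # Assumption: 401 bodies use the same {"error": {"code": ...}} envelope
        # as the 429 body shown on this page. Retrying with the same key is futile.
        return ("fail", json.loads(body).get("error", {}).get("code", "UNKNOWN"))
    return ("ok", 0)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or captured responses.
    key = load_api_key({"COVERED_API_KEY": "cov_EXAMPLEKEY0000000000abcd"})
    print("using key", redact(key), "->", build_request("/treasury/balance", key).full_url)
    print(next_action(429, {"X-RateLimit-Reset": "1700000030"}, "", 1700000000))
    print(next_action(401, {}, '{"error": {"code": "API_KEY_EXPIRED"}}', 1700000000))
```

Log only the output of redact(), never the key itself, and treat a "fail" result as a signal to rotate or replace the key, not to retry.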