Authentication
All API requests must include a valid API key.
Creating an API Key
- Go to Settings > API Keys in your dashboard
- Click Generate New Key
- Copy the key immediately — it’s only shown once
- Store it securely (environment variable, secrets manager)
Using Your Key
Include the key in the Authorization header of every request:
curl https://rentalot.ai/api/v1/properties \
-H "Authorization: Bearer ra_live_abc123..."Key Prefixes
ra_live_— production keysra_test_— test keys (if applicable)
Revoking Keys
Revoke any key from Settings > API Keys. Revocation is immediate — any requests using that key will return 401 Unauthorized.
API Access by Plan
Your API key inherits the rate limits and permissions of your plan:
| Plan | Access | API Keys | Global RPM | Daily Requests |
|---|---|---|---|---|
| Free Trial | No API | 0 | — | — |
| Starter | Read-only | 2 | 30/min | 5,000/day |
| Pro | Full CRUD | 5 | 120/min | 50,000/day |
| Scale | Full + priority | 20 | 600/min | 500,000/day |
Write operations have additional per-resource daily and monthly limits. Upgrade your plan to increase limits.
Security
- Never commit API keys to version control
- Use environment variables to store keys
- Rotate keys periodically
- Each key is scoped to your account — it can only access your properties and data