API Authentication

Atlas Forms uses API keys to authenticate requests to the REST API.

Getting Your API Key

Go to Dashboard → Settings → API Keys

Click Generate API Key

Copy and securely store your key (it won't be shown again)

API keys have the prefix fep_ (Form Endpoint Platform).

Using Your API Key

Include your API key in the Authorization header:

bash

curl https://atlasforms.app/api/v1/submissions \
  -H "Authorization: Bearer fep_your_api_key"

Both formats are supported:

Authorization: Bearer fep_xxx (recommended)

Authorization: fep_xxx

Security Best Practices

Keep Keys Secret

Never commit API keys to version control

Use environment variables in production

Don't expose keys in client-side code

Rotate Keys Regularly

Generate new keys periodically

Revoke old keys after rotation

Use Separate Keys for Environments

Create different keys for development and production

This limits blast radius if a key is compromised

Rate Limits

API requests are rate limited per API key:

Endpoint	Limit
`GET /api/v1/submissions`	100 requests/minute
`GET /api/v1/projects`	100 requests/minute
Other endpoints	60 requests/minute

Rate limit headers are included in responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 2024-01-15T10:31:00Z

When rate limited, you'll receive a 429 Too Many Requests response:

json

{
  "error": "Rate limit exceeded",
  "retry_after": 45
}

Error Responses

401 Unauthorized

API key is missing or invalid.

json

{
  "error": "Invalid API key"
}

403 Forbidden

API key doesn't have permission for this resource.

json

{
  "error": "Forbidden"
}

Example: Environment Variables

bash

# .env
ATLAS_API_KEY=fep_your_api_key

javascript

// Node.js
const response = await fetch('https://atlasforms.app/api/v1/submissions', {
  headers: {
    'Authorization': `Bearer ${process.env.ATLAS_API_KEY}`
  }
});

API Overview Form Endpoint