Authentication
Learn how to authenticate your API requests with Ender.
Overview
All Ender API endpoints require authentication via API key, except these public endpoints:
GET /v1/health— API health checkGET /v1/coupons/validate/:code— Validate coupon codeGET /v1/webshare/health— Webshare service health
Using Your API Key
Include your API key in the Authorization header of every request:
Getting Your API Key
Your API key is automatically generated when you create an account. Find it in your dashboard under Account Settings.
Each user has a single API key that remains the same for your account.
Security Best Practices
Never Expose Your Keys
Never share your API keys or commit them to version control.
Recommendations
- Use environment variables to store API keys
- Keep your key secure — never share it publicly
- Monitor usage through the dashboard for suspicious activity
Example: Using Environment Variables
Rate Limiting
API requests are rate limited based on your subscription plan. Limits are applied per minute using a sliding window algorithm.
Rate Limits by Plan
| Plan | Requests/Minute |
|---|---|
| Free | 50 |
| Lite | 100 |
| Basic | 150 |
| Premium | 300 |
| Black | 300 |
Rate Limit Headers
Every response includes rate limit headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per minute |
X-RateLimit-Remaining | Remaining requests in current window |
X-RateLimit-Reset | Unix timestamp when the rate limit resets |
When Rate Limited
If you exceed your rate limit, you'll receive a 429 Too Many Requests response:
The response includes a Retry-After header indicating how many seconds to wait.
Plan Changes
Rate limits update immediately when you upgrade your plan.
Error Responses
Missing API Key
Invalid API Key
Rate Limit Exceeded
Next Steps
- Learn about the Credits System
- Start using Card Checkers
- Explore available Tools