Skip to main content

API key authentication

All requests to the AgentScore API use an API key passed in the X-API-Key header. 
curl -H "X-API-Key: sk_live_abc123..." \
  https://api.agentscore.sh/v1/reputation/0xdb5aa553feeb2c3e3d03e8360b36fb0f7e480671

Getting an API key

  1. Sign up at agentscore.sh/dashboard
  2. Create a new API key from the dashboard
  3. Copy the key — it is only shown once

Free tier

The free tier provides 5,000 API calls per month. Free-tier requests return the summary view of the reputation endpoint. Unauthenticated requests may be supported with stricter rate limits but are not recommended for production use. Paid API keys unlock:
  • view=full on the reputation endpoint (includes decision, factors, identity)
  • Batch scoring via POST /v1/reputation:batch
  • Higher rate limits
  • Custom policy parameters (min_grade, min_transactions)
See Pricing for tier details.

Error responses

Missing or invalid key

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key."
  }
}
Status: 401 Unauthorized

Exceeded plan limits

{
  "error": {
    "code": "payment_required",
    "message": "Monthly API call limit exceeded. Upgrade your plan or wait for the next billing cycle."
  }
}
Status: 402 Payment Required

Rate limit headers

Every response includes rate limit information:
HeaderDescription
X-RateLimit-LimitMaximum requests allowed in the current window
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp when the window resets
See Rate Limits for per-tier limits.

Security recommendations

  • Store API keys in environment variables, never in client-side code
  • Rotate keys periodically from the dashboard
  • Use separate keys for development and production
  • Monitor usage from the dashboard to detect unexpected spikes