Authentication

API Keys

PlugIQ uses API keys for server-to-server authentication. Generate an API key in Settings → Developer → API Keys. Each key is associated with the user who created it and inherits their permissions.

Bearer Token Authentication

Include your API key in the Authorization header of every request:

• Header name: Authorization
• Value format: Bearer YOUR_API_KEY

All API requests must be made over HTTPS. Requests over HTTP are rejected with a 400 status code.

Rate Limits

API requests are rate-limited per workspace: Free plan — 60 requests per minute; Growth plan — 300 requests per minute; Enterprise plan — 1,000 requests per minute (configurable).

Error Codes

The API uses standard HTTP status codes. 401 means your API key is missing or invalid. 403 means the key is valid but lacks permission. 429 means you have exceeded the rate limit.