Skip to main content

Authentication

The RotaStellar API uses API keys for authentication. All requests must include a valid API key.

Getting an API Key

1

Request Access

Sign up for early access to receive your API credentials.
2

Receive Credentials

You’ll receive an email with your API key (starts with rs_).
3

Store Securely

Store your API key securely. Never commit it to version control.

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix: 
Authorization: Bearer rs_your_api_key

Example Request

curl https://api.rotastellar.com/v1/satellites/ISS \
  -H "Authorization: Bearer rs_your_api_key"

API Key Types

TypePrefixUse Case
Livers_live_Production applications
Testrs_test_Development and testing
Test keys have rate limits and may return simulated data. Use live keys for production applications.

Security Best Practices

API keys should only be used in server-side code. Never include them in JavaScript bundles, mobile apps, or anywhere users can inspect.
Store API keys in environment variables, not in code:
export ROTASTELLAR_API_KEY=rs_live_...
Rotate your API keys periodically and immediately if you suspect compromise.
Use different API keys for development, staging, and production.

Revoking Keys

If your API key is compromised:
  1. Go to your dashboard
  2. Navigate to API Keys
  3. Click “Revoke” on the compromised key
  4. Generate a new key
  5. Update your applications

Errors

CodeDescription
401Invalid or missing API key
403API key doesn’t have permission for this endpoint
429Rate limit exceeded
{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked."
  }
}