API Keys

All API requests require a Bearer token in the Authorization header:
Authorization: Bearer YOUR_API_KEY
API keys start with mk_ and are tied to your user account.

Getting your API Key

1. Access Settings

Log in to Roulette, click your team name in the sidebar, then go to Settings > API Keys.

2. Create a Key

Click Create API Key and give it a descriptive name (e.g., “Zapier”, “Internal Scripts”).

3. Copy and Store

Copy the key immediately - you won’t see it again.

Never commit API keys to version control. Use environment variables.

Example Requests

curl -X GET "https://www.useroulette.com/api/v1/companies" \
  -H "Authorization: Bearer mk_abc123..."

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "Invalid or expired API key"
}

| Cause | Solution |
| --- | --- |
| Invalid key | Check for typos or generate a new key |
| Missing header | Add Authorization: Bearer YOUR_KEY |
| Deleted key | Create a new API key in settings |

403 Forbidden

{
  "success": false,
  "error": "Access denied to this resource"
}
Your API key only has access to teams your user account belongs to. Request access from the team owner if needed.

Best Practices

# .env (never commit this file)
ROULETTE_API_KEY=mk_abc123...

// Read the key from the environment in your code
const apiKey = process.env.ROULETTE_API_KEY;

Create different keys for development, staging, and production. This lets you rotate keys independently and track usage.

Delete old keys and create new ones regularly. You can have multiple active keys for zero-downtime rotation.

Rate Limits

| Limit | Value |
| --- | --- |
| Requests per minute | 1,000 |
| Requests per second | 100 |

When rate limited, you’ll receive 429 Too Many Requests:
{
  "success": false,
  "error": "Rate limit exceeded"
}
Implement exponential backoff to handle rate limits gracefully.
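
One way to implement that backoff, as an added example that is not part of the Roulette documentation. It assumes Node 18+ for the global fetch; the names rouletteGet, backoffDelayMs and retryAfterMs are hypothetical, and the Retry-After handling is an assumption because this page does not say whether the API sends that header.

```javascript
// Added example, not Roulette's own client code. Helper names are hypothetical.
const BASE_URL = "https://www.useroulette.com/api/v1";

// Full-jitter exponential backoff: random delay in [0, min(cap, base * 2^attempt)).
// Jitter keeps many clients from retrying in lockstep after a shared 429.
function backoffDelayMs(attempt, { baseMs = 500, capMs = 30000, rand = Math.random } = {}) {
  const ceiling = Math.min(capMs, baseMs * 2 ** attempt);
  return Math.floor(rand() * ceiling);
}

// Assumption: if the server sends Retry-After in seconds, honor it.
// Returns null when the header is absent or not a plain number.
function retryAfterMs(headers) {
  const raw = headers && headers.get ? headers.get("retry-after") : null;
  const secs = Number(raw);
  return raw != null && raw !== "" && Number.isFinite(secs) && secs >= 0 ? secs * 1000 : null;
}

async function rouletteGet(path, opts = {}) {
  const {
    apiKey = process.env.ROULETTE_API_KEY, // from the environment, never hard-coded
    fetchImpl = globalThis.fetch,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    maxRetries = 5,
    rand = Math.random,
  } = opts;
  // Fail fast on a missing or malformed key; the message never contains the key.
  if (!apiKey || !apiKey.startsWith("mk_")) {
    throw new Error("ROULETTE_API_KEY is missing or does not start with mk_");
  }
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(`${BASE_URL}${path}`, {
      headers: { Authorization: `Bearer ${apiKey}` },
    });
    // Only 429 is retried. 401 and 403 will not succeed on a retry, so they
    // go straight back to the caller to fix the key or the team access.
    if (res.status !== 429) return res;
    if (attempt >= maxRetries) throw new Error("Rate limit exceeded: retries exhausted");
    await sleep(retryAfterMs(res.headers) ?? backoffDelayMs(attempt, { rand }));
  }
}
```

Call it as `await rouletteGet("/companies")` and check `res.status` before reading the body.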

Permissions

Your API key inherits your user permissions:
  • Access is limited to teams you’re a member of
  • Row Level Security (RLS) applies to all requests
  • You can only see companies based on your team’s visibility settings