Authentication
How to authenticate with the CareCycle API
All API requests require authentication using an API key. Include your API key in the x-api-key header:
x-api-key: YOUR_API_KEYObtaining API Keys
Production Keys
API keys for production use can be generated from the Developer Dashboard:
- Log in and navigate to the API Keys page
- Click Create API Key
- Give your key a descriptive name and select the appropriate permissions
- Copy and securely store your API key — it will only be shown once
Keep your API keys secure. Do not share them in public repositories, client-side code, or expose them in logs. If you believe a key has been compromised, revoke it immediately and generate a new one.
Testing in the API Playground
You can generate a temporary API key directly from the API reference pages to quickly test endpoints in the interactive playground.
- Make sure you are logged in.
- Navigate to any API reference page (e.g., List Campaigns)
- Open the Authorization section in the playground
- Click Generate API Key
- If you belong to multiple organizations, select which one to create the key for
Playground keys expire after 14 days and are intended for testing only. For production integrations, generate a key from the Developer Dashboard.
Rate Limiting
API requests are limited to 60 requests per minute.
If you exceed the rate limit, you'll receive a 429 Too Many Requests response:
{
"message": "Rate limit exceeded",
"code": "RATE_LIMIT_EXCEEDED",
"retryAfter": 60
}Error Codes
All error responses follow a consistent format:
{
"message": "<string>",
"code": "<string>"
}| Code | Description |
|---|---|
UNAUTHORIZED | Invalid or missing API key |
FORBIDDEN | API key lacks required permissions |
NOT_FOUND | Requested resource does not exist |
VALIDATION_ERROR | Request body failed validation |
RATE_LIMIT_EXCEEDED | Too many requests |
INTERNAL_ERROR | Server error — contact support if persistent |