Authentication and API Keys
Learn how to securely authenticate your requests to the BrandQL API using API keys, including best practices for managing access.
{
"error": "Rate limit exceeded",
"retry-after": 60
}
Overview
BrandQL uses API keys for authentication. You generate keys in your dashboard and include them in the Authorization header of every request. This approach keeps your requests secure and tracks usage against your plan's quotas.
All requests must include a valid API key. Unauthenticated requests return a 401 Unauthorized error.
BrandQL supports a single API key per account. Regenerate keys as needed for security.
Generating API Keys
Access your dashboard to create and manage keys.
Sign Up or Log In
Visit https://brandql.com/signup to create an account or log in at https://app.brandql.com.
Navigate to API Keys
Go to the Account > API Keys section in the sidebar.
Generate Key
Click Generate New Key. Copy the key immediately—it won't show again.
Regenerate if Needed
Use Regenerate to invalidate the current key and create a new one. Update all integrations promptly.
Using Your API Key
Include your key in the Authorization header as Bearer YOUR_API_KEY.
Format: Bearer brq_xxxxxxxxxxxxxx. Replace with your key.
curl "https://api.brandql.com/logo/paypal.com" \
-H "Authorization: Bearer YOUR_API_KEY"
const response = await fetch('https://api.brandql.com/logo/paypal.com', {
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
});
const data = await response.json();
import requests
headers = {
'Authorization': 'Bearer YOUR_API_KEY'
}
response = requests.get('https://api.brandql.com/logo/paypal.com', headers=headers)
data = response.json()
Always use API keys server-side. Fetch logos on your backend and serve images to clients.
Exposing keys client-side risks leakage. Use only for testing or public demos.
Rate Limits and Quotas
BrandQL enforces rate limits to ensure fair usage.
| Limit Type | Free Tier | Pro Tier | Description |
|---|---|---|---|
| Requests per minute | 60 | 600 | Per API key |
| Daily quota | 10,000 | Unlimited | Resets at midnight UTC |
Exceeding limits returns 429 Too Many Requests. Headers provide details:
Requests left in current window.
Unix timestamp when limit resets.
Monitor usage in your dashboard. Upgrade for higher limits.
Security Best Practices
Protect your API keys to prevent unauthorized access.
Store keys securely:
# .env file (never commit)
BRANDQL_API_KEY=YOUR_API_KEY
Load in Node.js:
const apiKey = process.env.BRANDQL_API_KEY;
Rotate keys every 90 days or after potential exposure. Use the dashboard's regenerate feature.
Never hardcode keys in frontend code. Proxy requests through your server.