Authentication
Authentication
This guide covers how to authenticate with the Enrichment API.
Base URL
All API requests should be made to:
https://api.skael.de
Creating API Keys
API keys are created through the organization dashboard. Organization administrators can access the API Keys page to generate new keys.
- Log in to your account at https://api.skael.de
- Navigate to API Keys in your organization settings
- Click Create API Key
- Provide a descriptive name for the key
- Copy and securely store the key immediately - it will only be shown once
API keys are prefixed with eak_ followed by a 64-character random string. For example:
eak_abc123def456...
Important: Store your API key securely. The full key is only displayed once at creation time. If you lose it, you will need to create a new key.
All API requests must include an Authorization header with a Bearer token:
Authorization: Bearer YOUR_API_KEY
Example Request
curl -X POST https://api.skael.de/api/enrichments/app_scanner \
-H "Authorization: Bearer eak_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"domain": "example.com"}'
Authentication Errors
| Status Code |
Message |
Description |
| 401 |
Unauthenticated. |
No API key provided or key does not start with eak_ |
| 401 |
Invalid API key. |
The provided API key is not valid |
| 429 |
Too many authentication attempts. Please try again later. |
Rate limit exceeded for failed authentication attempts |
Rate Limits
The API enforces rate limits to ensure fair usage and platform stability.
Enrichment API Limits
Authenticated requests are limited per organization:
- 10,000 requests per minute per organization
When you exceed this limit, the API returns:
{
"message": "Too many requests. Please slow down."
}
HTTP Status Code: 429 Too Many Requests
Best Practices
-
Implement exponential backoff - When you receive a 429 response, wait before retrying. Double the wait time with each consecutive 429.
-
Use async mode for batch processing - For large batches, use the async API with callback_url to avoid holding connections open.
-
Monitor your usage - Track your request patterns to stay within limits.
Revoking API Keys
To revoke an API key:
- Navigate to API Keys in your organization settings
- Find the key you want to revoke (identified by its prefix and name)
- Click the delete button to permanently revoke the key
Revoked keys immediately stop working for all requests.
Security Recommendations
-
Never commit API keys to version control - Use environment variables or secrets management.
-
Use separate keys for different environments - Create distinct keys for development, staging, and production.
-
Rotate keys periodically - Create new keys and retire old ones on a regular schedule.
-
Monitor last used timestamps - The dashboard shows when each key was last used, helping identify unused keys.