Skip to main content
Every request to the RentFAX API must include a valid API key. The API uses key-based authentication — there are no session cookies or OAuth flows for server-to-server calls. You include your key in a request header, and the API validates it on each call.

Obtaining an API key

You can generate an API key in two ways:
  • Dashboard: Go to Settings → API Keys in your RentFAX account and click Create Key.
  • API: Send a POST request to /v1/keys authenticated with an existing key (or your dashboard session token).
Your API key is shown only once, immediately after creation. Copy and store it securely before closing the dialog — it cannot be retrieved again.
You can have up to 5 active keys per account at any time. To create a new key once you reach the limit, revoke an existing one first.

Passing your API key

You can authenticate requests using either of the following headers. Both are accepted by every endpoint.

Option 1: x-api-key header

Option 2: Authorization: Bearer header

Both headers have identical behavior. Choose whichever fits your HTTP client or integration library best.

Code examples

API key format

All RentFAX API keys begin with the prefix rfx_live_ followed by a 32-character alphanumeric string. For example:
The API rejects any key that does not start with rfx_. If you receive an Invalid API key format error, check that you are not passing a dashboard session token or a truncated key value.

401 Unauthorized errors

A 401 response means the request could not be authenticated. The response body describes the specific reason.
Cause: No x-api-key or Authorization header was sent.
Fix: Add the x-api-key header to your request.

Rate limits

The API enforces per-key rate limits measured in requests per minute: When you exceed the limit, the API returns a 429 status with a Retry-After: 60 header. Wait for the indicated number of seconds before retrying.

Security best practices

Never hardcode your API key directly in source code or commit it to version control. A leaked key grants full API access under your account.
  • Store keys in environment variables (e.g., RENTFAX_API_KEY).
  • Use separate keys for development, staging, and production environments.
  • Revoke any key you suspect has been exposed and generate a replacement immediately.
  • Treat your API keys with the same care as passwords.

Managing keys

To create, list, or revoke API keys: