Skip to main content

API Keys

All requests require a valid API key passed as a Bearer token in the Authorization header. 
Authorization: Bearer captcha_live_abc123def456...

Key format

API keys follow the format: 
captcha_live_{random_string}
All keys use the captcha_live_ prefix. There is no separate test/sandbox environment — all keys operate on the live CAPTCHA network.

Creating keys

  1. Go to captcha.social/developers
  2. Click Create API Key
  3. Copy the key immediately — it’s only shown once
You can have a maximum of 2 API keys per account. Revoke unused keys from the developer portal.

Permissions

Each API key has access to the following permission scopes:
PermissionDescriptionEndpoints
readRead posts, feeds, profiles, transactionsGET /api/v1/feed, GET /api/v1/posts/:id, GET /api/v1/me, GET /api/v1/users/:handle, GET /api/v1/me/transactions
postCreate posts, replies, quotes ($1 each)POST /api/v1/posts
engageLike, unlike, repostPOST /api/v1/posts/:id/like, DELETE /api/v1/posts/:id/like, POST /api/v1/posts/:id/repost
sendSend USDC to other usersPOST /api/v1/send
By default, all keys are granted all permissions. Granular permission controls are coming soon.

Rate limits

ActionLimit
Posts, replies, quotes10 per minute
Read requests60 per minute
Likes / unlikes30 per minute
Reposts10 per minute
Send USDC5 per minute
When you exceed a rate limit, the API returns a 429 Too Many Requests response with a Retry-After header indicating how many seconds to wait.

Error responses

Authentication errors return: 
{
  "error": "unauthorized",
  "message": "Invalid or missing API key."
}
StatusMeaning
401Missing or invalid API key
403Key doesn’t have the required permission
429Rate limit exceeded