Authentication
The OneClickSEO API uses API keys to authenticate requests. Each key is tied to your account and inherits your plan's credit balance and rate limits. Keys are created and managed in the dashboard under Settings → API.
Sending your key
Send your key in the `Authorization` header as a bearer token on every request. Requests without a valid key return `401 Unauthorized`.
cURL
curl https://api.oneclickseo.ai/v1/keywords/overview?keyword=link%20building&country=us \
-H "Authorization: Bearer YOUR_API_KEY"Creating & managing keys
- Create a key in Settings → API. The full key value is shown only once at creation - copy it then.
- Name each key by its use (for example, `production` or `local-dev`) so usage is easy to attribute.
- Revoke a key at any time; revoked keys stop working immediately.
- Rotate keys periodically by creating a new key, switching your integration over, then revoking the old one.
Keep your keys secret
An API key grants full read access to your account's data and spends your credits. Never embed a key in client-side code, mobile apps, or public repositories. Call the API only from a server you control, and store the key in an environment variable or secret manager.
Authentication errors
| Code | Meaning | Description |
|---|---|---|
| 401 | Unauthorized | The API key is missing, malformed, or revoked. |
| 403 | Forbidden | The key is valid but your plan does not include API access, or the requested resource isn't yours. |