Authentication
API key authentication, rate limits, and error handling.
All data endpoints require a valid API key passed via the x-api-key header.
curl -H "x-api-key: sk_your_key_here" \
https://api.hermaeus.xyz/v1/entities/search?q=TeslaAuthorization: Bearer sk_your_key_here may also be accepted as a compatibility alias, but x-api-key is the primary documented header.
API keys
Keys are created and managed from the dashboard. Each key is scoped to a workspace — all billing and rate limiting attach to the workspace, not the individual key.
- Keys use the
sk_prefix. - The full key is shown once at creation. It cannot be retrieved later.
- Multiple keys per workspace are supported from day one. Use separate keys for separate environments.
- To rotate a key: create a new one, verify it works, then delete the old one.
Rate limits
| Plan | Requests/sec | Requests/month |
|---|---|---|
| Free | 10 | 10,000 |
| Pro | 50 | 500,000 |
| Ultra | 200 | 5,000,000 |
| Enterprise | Custom | Custom |
When you exceed your rate limit, the API returns 429 Too Many Requests with a Retry-After header.
When you exceed your monthly cap, the API returns 429 Too Many Requests with a monthly_cap_exceeded error until the next billing cycle. Hermaeus does not charge overage fees in the current v1 model.
Error responses
All errors follow a consistent shape:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API key."
}
}| HTTP Status | Code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key does not have access to this resource |
| 404 | not_found | Entity or resource not found |
| 429 | rate_limited | Rate limit or monthly cap exceeded |
| 500 | internal_error | Server error — retry with backoff |