API Authentication
All MeetLoyd API requests require authentication. This guide covers how to create, manage, and use API keys.
Key Types
| Type | Prefix | Purpose |
|---|---|---|
| Live | sk_live_ | Production use |
| Test | sk_test_ | Development and testing (sandbox, no charges, relaxed rate limits) |
Permissions
API keys can be scoped to specific permissions:
| Permission | Description |
|---|---|
agents:read | List and get agents |
agents:write | Create, update, delete agents |
conversations:read | List and get conversations |
conversations:write | Create conversations, send messages |
tasks:read | List and get tasks |
tasks:write | Create, update, run tasks |
workflows:read | List and get workflows |
workflows:write | Create, update, run workflows |
memory:read | Read memory values |
memory:write | Set and delete memory |
admin | Full administrative access |
Rate Limits
| Plan | Requests/min | Burst |
|---|---|---|
| Starter | 120 | 200 |
| Growth | 500 | 800 |
| Enterprise | 5000 | 8000 |
Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) are included in every response.
OAuth 2.0 (Enterprise)
Enterprise customers can use OAuth 2.0 Client Credentials flow for machine-to-machine authentication. Access tokens expire after 1 hour and must be refreshed.
Next: Learn about Webhooks for receiving real-time events.