API Access

Availability: Business and Enterprise.

What you can do

• Create validations, fetch results, list saved ideas.
• Export reports (PDF/JSON) and run AI follow-ups.
• Manage API keys with quotas per user.

Getting started

1. Business/Enterprise users generate an API key in Settings → API.
2. Include the key as a header: Authorization: Bearer <key>.
3. Use HTTPS; never embed keys in client-side code.

Common endpoints

• POST /api/validations – create validation.
• GET /api/validations/{id} – fetch result.
• GET /api/validations – list.
• POST /api/exports – request PDF/JSON.
• POST /api/chat – follow-up questions.

Best practices

• Rotate keys regularly; revoke unused keys.
• Limit usage to server-side code; use env vars for secrets.
• Respect plan quotas; handle 429 rate-limit responses with backoff.
• Log API actions for compliance; pair with Audit Logs on Business+.

Security

• No secrets in client apps.
• Use TLS; pin hosts where possible.