Authentication
All API requests require an API key passed via the x-api-key header.
API Keys
x-api-key: inc_live_xxxxxAPI keys are generated per app from the dashboard. Each app has a single API key that identifies the app. Keep your API key secure — never expose it in client-side code.
Use environment variables:
const INCENTA_API_KEY = process.env.INCENTA_API_KEYKey prefixes
| Prefix | Use |
|---|---|
inc_live_ | Production |
inc_test_ | Sandbox / development |
Rate limiting
API usage is tracked per app via ApiUsageLog. Each app has a monthly limit configured in the dashboard. When exceeded, the API returns a 429 Too Many Requests response.
Errors
The API uses conventional HTTP response codes:
| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad request — check your request body |
| 401 | Unauthorized — invalid or missing API key |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Error responses include a message:
{
"error": "Referral code not found"
}Last updated on