Authentication
Every request to the Rustbox API must include a valid API key.
API key format
Keys follow the format:

```
rb_live_<random>
```

Example: `rb_live_k7x9m2p4q8w1n5v3`

Keys are provisioned when you request access. Each key is scoped to your account and tracks usage for rate limiting.
Authenticating requests
Include your API key in the `X-API-Key` header:

```bash
curl -X POST "https://api.rustbox.orkait.com/api/submit?wait=true" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: rb_live_your_key_here" \
  -d '{"language": "python", "code": "print(42)"}'
```

Error responses

| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing or invalid API key |
| 429 Too Many Requests | Rate limit exceeded |

A 401 response body:

```json
{
  "error": "unauthorized",
  "message": "Missing or invalid API key"
}
```

Rate limits

| Tier | Requests/min | Concurrent executions |
|---|---|---|
| Beta | 60 | 10 |
When you exceed the rate limit, the response includes a Retry-After header indicating how many seconds to wait before retrying.
Security
- Transmit your API key only over HTTPS. All API endpoints enforce TLS.
- Do not embed keys in client-side code. Make API calls from your backend.
- If a key is compromised, contact us immediately for rotation.
Constant-time comparison is used for all key validation to prevent timing attacks.
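
The constant-time validation mentioned above, sketched as an added example; it is not Rustbox's implementation or code from this page. The store layout, account names, the `authenticate` helper and the second sample key are assumptions constructed for illustration; only the `rb_live_` prefix, the `X-API-Key` header and the 401 status come from the page.

```python
import hashlib
import hmac

KEY_PREFIX = "rb_live_"  # prefix from the page's key format


def digest(api_key: str) -> bytes:
    """SHA-256 of the key, so the store never holds plaintext keys."""
    return hashlib.sha256(api_key.encode("utf-8")).digest()


# Constructed sample store (hypothetical layout): account id -> key digest.
KEY_STORE = {
    "acct_demo_1": digest("rb_live_k7x9m2p4q8w1n5v3"),   # example key from the page
    "acct_demo_2": digest("rb_live_constructedsample"),  # constructed sample key
}


def authenticate(headers: dict, store: dict = KEY_STORE):
    """Return (status, account); 401 covers both missing and invalid keys."""
    # HTTP header names are case-insensitive.
    presented = next(
        (v for k, v in headers.items() if k.lower() == "x-api-key"), ""
    )
    # The prefix is public, so rejecting on it early reveals nothing secret.
    if not presented.startswith(KEY_PREFIX) or len(presented) == len(KEY_PREFIX):
        return 401, None
    candidate = digest(presented)
    matched = None
    # Compare against every entry with no early exit, and use
    # hmac.compare_digest rather than ==, so timing does not reveal which
    # entry matched or how many leading bytes agreed.
    for account, stored in store.items():
        if hmac.compare_digest(candidate, stored):
            matched = account
    return (200, matched) if matched else (401, None)
```

Hashing both sides first gives fixed-length inputs to `hmac.compare_digest` and means a leaked store does not expose usable keys.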