Authentication
Learn how to authenticate with the UGCLab API using API keys
All UGCLab API endpoints require authentication via API key.
Base URL
https://api.ugclab.app/api/v1API Keys
API keys are used to authenticate requests to the UGCLab API. Each API key is tied to a workspace and has access to all resources within that workspace.
Creating an API Key
- Go to your Dashboard Settings
- Navigate to the "API Keys" section
- Click "Create API Key"
- Give your key a descriptive name
- Copy the key immediately - it won't be shown again
API access requires a Pro, Business, or Enterprise plan.
API Key Format
API keys are prefixed with ugc_ followed by 48 hexadecimal characters:
ugc_3fe6345d9f67f894965c296886b7e39daff335f476b332bdAuthentication Header
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer ugc_your_api_key_hereExample Request
curl -X GET "https://api.ugclab.app/api/v1/projects" \
-H "Authorization: Bearer ugc_your_api_key_here"const response = await fetch('https://api.ugclab.app/api/v1/projects', {
headers: {
'Authorization': 'Bearer ugc_your_api_key_here'
}
});import requests
response = requests.get(
'https://api.ugclab.app/api/v1/projects',
headers={'Authorization': 'Bearer ugc_your_api_key_here'}
)Security Best Practices
- Never share your API key - Treat it like a password
- Don't commit keys to source control - Use environment variables
- Rotate keys regularly - Create new keys and revoke old ones
- Use separate keys - Create different keys for different applications
Rate Limiting
The API implements rate limiting to ensure fair usage and system stability.
Rate Limits
| Limit Type | Limit | Window |
|---|---|---|
| Authentication (per IP) | 20 requests | 1 minute |
| Read operations (per API key) | 1000 requests | 1 hour |
| Write operations (per API key) | 100 requests | 1 hour |
| UGC Creation (per API key) | 100 requests | 1 hour |
Rate Limit Headers
All responses include rate limit information:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed in the window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the limit resets |
Retry-After | Seconds until limit resets (on 429 responses) |
Handling Rate Limits
When you exceed a rate limit, the API returns a 429 Too Many Requests response:
{
"error": {
"message": "Rate limit exceeded",
"code": "RATE_LIMIT_EXCEEDED"
},
"meta": {
"requestId": "req_abc123def456",
"timestamp": "2025-01-15T10:30:00.000Z"
}
}Implement exponential backoff when you receive 429 responses.
Error Responses
Authentication Errors
| Code | HTTP Status | Description |
|---|---|---|
MISSING_AUTH_HEADER | 401 | No Authorization header provided |
INVALID_AUTH_FORMAT | 401 | Invalid Authorization header format |
INVALID_API_KEY | 401 | API key is invalid or expired |
IP_RATE_LIMITED | 429 | Too many authentication attempts from this IP |
Example Error Response
{
"error": {
"message": "Invalid or expired API key",
"code": "INVALID_API_KEY"
},
"meta": {
"requestId": "req_abc123def456",
"timestamp": "2025-01-15T10:30:00.000Z"
}
}Request IDs
Every API response includes a unique requestId in the meta object. Include this ID when contacting support for faster issue resolution.
{
"data": { ... },
"meta": {
"requestId": "req_abc123def456",
"timestamp": "2025-01-15T10:30:00.000Z"
}
}