Authentication

Every Dev API request must include an x-api-key header.

Header contract

http
GET /dev/project
x-api-key: wp_your_api_key_here

Missing or invalid keys return 401.

Key checks order

  1. Key exists and is valid
  2. Key is active
  3. Monthly quota not exceeded

If all pass, endpoint-level project scoping checks run next.

Scoping behavior

A valid key from project A cannot fetch project B content. Mismatches return 403.

Public frontend usage

Using this key client-side is supported for read-only use cases. If you prefer not to expose it in browser requests, proxy from your own server.

Common auth errors

StatusMeaning
401Missing or invalid key
403Inactive key or cross-project access
429Monthly usage limit exceeded

Last updated: 12th April, 2026

Whitepapper logo

Whitepapper

Whitepapper is a API first content platform for developers who want to publish once, distribute everywhere, and manage website content.

Blogs Updates Resources Docs
Components Features Integrations Pricing
Use Cases Compare Glossary
About us Contact Terms of service Privacy policy