trackagoat logotrackagoat/Docs

Getting started

  • Welcome
  • Quickstart
  • Core concepts

Guides

  • Creators
  • Videos
  • Campaigns
  • Creator Goals
  • Tracking Inbox
  • Content calendar
  • How scraping works
  • Analytics & metrics
  • Similar creator pools
  • Over-posting & suppression
  • Program Health
  • Sentiment Radar
  • API keys
  • Limits & plan tiers
  • Notifications
  • Payouts

API reference

  • Overview
  • Authentication
  • Errors
  • Projects
  • Creators
  • Videos
  • Campaigns
  • Analytics
  • Aggregate Analytics
  • Payouts
  • Schema

For agents

  • Agent guide
  • Data model
  • MCP & tooling

Platform

  • Brand
  • Changelog
  • Support
DocsGuides

API keys

Creating and managing API keys for programmatic access to your org's data.

PreviousSentiment RadarNextLimits & plan tiers

On this page

  • Overview
  • Creating an API key
  • Using your key
  • Revoking a key
  • Limits

Overview

API keys give programmatic read access to your organization's data via the v1 API. Keys are:

  • Org-scoped — a key can only access data in the org of the user who created it
  • Shown once — the plaintext key is displayed once at creation and cannot be recovered
  • Hashed at rest — trackagoat stores only a SHA-256 hash of your key, never the plaintext

Creating an API key

1

Open org settings

Go to Org settings → API keys (accessible from the org admin panel).

2

Click + New API Key

Give your key a descriptive name (e.g., Claude MCP access, Analytics script, Dashboard integration).

3

Copy your key immediately

After clicking Create, the full key (tga_<64 hex chars>) is displayed. Copy it now — this is the only time you'll see it.

If you lose the key, you must create a new one. trackagoat cannot recover the plaintext of an existing key.

Using your key

Include the key as a Bearer token on every API request:

bash
curl -H "Authorization: Bearer tga_<your-key>" \
  https://www.trackagoat.com/api/v1/projects

See the Authentication reference for full details.

Revoking a key

To revoke a key, go to Org settings → API keys and click the delete icon next to the key. Revocation is immediate — any requests using the revoked key will receive a 401 Unauthorized response.

Limits

Your plan tier controls max_api_keys_per_org (the maximum number of active keys). For most plans this is generous — if you hit the limit, delete unused keys first.

API keys also have a per-key rate limit: a sliding-window limit on requests per minute, separate from the daily org-level max_api_requests_per_day quota. See Errors for the response format when limits are hit.

API Reference

Full authentication reference for the v1 API.

Limits

Plan tiers and how rate limits are enforced.

Errors

Error codes and response format for API errors.