Your API Key

Your API key is the connection between your website and WUDO. Here's everything you need to know about it.

What is an API key?

Think of an API key as a password that only your website knows. When your website wants to show blog content from WUDO, it sends this key to prove it has permission.

It's like a VIP pass — your website shows the pass, and WUDO gives it the content to display.

Your key looks like this:

wudo_pk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

It always starts with wudo_pk_ followed by a long string of letters and numbers.

How to create a key

When you first sign up, the setup wizard will ask you to create a key. Just click "Generate My API Key".

Give it a name you'll remember, like "My Website" or "Company Blog".

Click the "Copy" button and save the key immediately.

Keep your key safe

DO: Save it in your website settings

This is where the key belongs — in your website's configuration.

DO: Keep a backup copy in a safe place

Save it in a password manager, a private note, or a document only you can access.

DON'T: Share it publicly

Never post your key on social media, forums, or any public place. Anyone who has your key could access your content.

DON'T: Put it in your website's visible code

The key should be in your server settings, not in JavaScript or HTML that visitors can see.

What if I lose my key?

Don't worry! You can create a new key anytime from your WUDO dashboard. The old key will automatically stop working (so nobody else can use it), and your new key will take its place.

Just remember to update the key in your website settings too.

Technical Details

The following information is for developers who are implementing the API integration.

Using the Key in API Requests

You can pass your API key in two ways:

Option 1: X-Api-Key header (recommended)

curl -H "X-Api-Key: wudo_pk_your_key_here" \
     https://wudoseo.com/api/v1/blogs

Option 2: Authorization Bearer header

curl -H "Authorization: Bearer wudo_pk_your_key_here" \
     https://wudoseo.com/api/v1/blogs

Scopes

Each API key has permissions (scopes) that control what it can access. Default scopes include:

Scope	What it allows
`blogs:read`	View and list published blogs
`blogs:write`	Publish and update blogs
`products:read`	View and list products
`products:write`	Create, update, and import products
`images:read`	Access blog images and banners

Rate Limits

Each API key allows 60 requests per minute by default. Rate limit headers are included in every response:

Header	Description
`X-RateLimit-Limit`	Max requests per minute
`X-RateLimit-Remaining`	Remaining requests in current window
`X-RateLimit-Reset`	Seconds until rate limit resets

If you exceed the rate limit, you'll receive a 429 Too Many Requests response.

Key Management API

Create a new key

POST /api/keys
Authorization: Bearer <jwt_token>
Content-Type: application/json

{ "name": "My Website" }

List your keys

GET /api/keys
Authorization: Bearer <jwt_token>

Rotate a key (generates new key, revokes old)

POST /api/keys/{keyId}/rotate
Authorization: Bearer <jwt_token>

Revoke a key

DELETE /api/keys/{keyId}
Authorization: Bearer <jwt_token>

Error Responses

Code	Meaning
`401`	Missing, invalid, or expired API key
`403`	Key does not have required scope or feature access
`429`	Rate limit exceeded — wait and try again