Authentication

Learn how to authenticate with the NeedFont API to access your font library programmatically.

Overview

NeedFont uses API keys for authentication. You can create multiple keys with different permissions for different use cases—one for your build scripts, another for your website, etc.

API Keys

Generate keys from your dashboard with specific scopes and permissions.

Scoped Access

Limit keys to read-only, read-write, or specific endpoints for security.

Rate Limits

Each key has configurable rate limits to prevent abuse.

Creating an API Key

  1. Go to your NeedFont dashboard
  2. Navigate to Settings → API Keys
  3. Click “Create New Key”
  4. Choose a name and scope:
    • read – List and download fonts
    • write – Upload, update, and delete fonts
    • serve – Serve fonts via CDN endpoints
  5. Copy the key immediately—it won't be shown again

Using Your API Key

Include your API key in the Authorization header of every request.

curl -X GET https://needfont.app/api/v1/fonts \
  -H "Authorization: Bearer YOUR_API_KEY"

Example: Fetch All Fonts

GET /api/v1/fonts
Headers:
  Authorization: Bearer nf_live_abc123...

Response:
{
  "data": [
    {
      "id": "font_abc123",
      "name": "Inter",
      "family": "Inter",
      "style": "Regular",
      "weight": 400,
      "format": "otf"
    },
    ...
  ],
  "meta": {
    "total": 42,
    "page": 1,
    "perPage": 20
  }
}

API Key Scopes

| Scope | Permissions |
|-------|-------------|
| read  | List fonts, get font details, download font files |
| write | Upload fonts, update metadata, delete fonts, manage collections |
| serve | Access CDN endpoints, generate CSS, serve WOFF2 files |
| admin | Manage API keys, view usage analytics, configure settings |

Rate Limits

API requests are rate-limited to prevent abuse. Limits are applied per API key.

Standard Limits

  • Read endpoints: 1,000 requests/minute
  • Write endpoints: 100 requests/minute
  • Upload: 50 MB/hour

Rate Limit Headers

  • X-RateLimit-Limit: 1000
  • X-RateLimit-Remaining: 999
  • X-RateLimit-Reset: 1640000000

Exceeded rate limit? Wait for the reset time in X-RateLimit-Reset, or reduce request frequency. The API returns a 429 Too Many Requests status when limits are exceeded.

Error Handling

The API returns consistent error responses with helpful messages.

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired API key",
    "details": {
      "keyId": "nf_live_abc..."
    }
  }
}

Common Error Codes

| Status | Code             | Description              |
|--------|------------------|--------------------------|
| 401    | UNAUTHORIZED     | Invalid API key          |
| 403    | FORBIDDEN        | Key lacks required scope |
| 404    | NOT_FOUND        | Resource not found       |
| 429    | RATE_LIMITED     | Rate limit exceeded      |
| 400    | VALIDATION_ERROR | Invalid request data     |
| 500    | SERVER_ERROR     | Internal server error    |

Security Best Practices

  • Use environment variables. Never commit API keys to version control.
  • Use minimal scopes. Give each key only the permissions it needs.
  • Rotate keys regularly. Create new keys and deprecate old ones periodically.
  • Monitor usage. Check your dashboard for unusual activity.
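
The Python client below is an added example, not NeedFont's own code. It reads the key from an environment variable, sends it as a Bearer token, waits for X-RateLimit-Reset on a 429, and stops on 401/403 without logging the full key. The variable name NEEDFONT_API_KEY, the helper names, the 60-second cap, and reading X-RateLimit-Reset as Unix epoch seconds (as the sample value suggests) are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.request

API_BASE = "https://needfont.app/api/v1"   # base URL from the curl example above
KEY_ENV_VAR = "NEEDFONT_API_KEY"           # assumed variable name, not defined by NeedFont


def load_key(env=os.environ):
    """Read the key from the environment so it never lives in source control."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def redact(key):
    """Keep only a short prefix for log lines; the full secret is never printed."""
    return key[:8] + "..." if len(key) > 8 else "..."


def seconds_until_reset(headers, now=None):
    """Turn X-RateLimit-Reset (epoch seconds) into a wait between 0 and 60 s."""
    now = time.time() if now is None else now
    try:
        reset = float(headers.get("X-RateLimit-Reset", ""))
    except (TypeError, ValueError):
        return 1.0  # header missing or malformed: short fixed pause
    return min(max(reset - now, 0.0), 60.0)


def list_fonts(key, max_attempts=3):
    """GET /fonts; wait out 429s, fail fast on 401/403 without logging the key."""
    req = urllib.request.Request(f"{API_BASE}/fonts",
                                 headers={"Authorization": f"Bearer {key}"})
    for _ in range(max_attempts):
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as err:
            if err.code == 429:
                time.sleep(seconds_until_reset(err.headers))
                continue
            if err.code in (401, 403):  # bad key or missing scope: retrying cannot help
                raise PermissionError(f"HTTP {err.code} for key {redact(key)}") from None
            raise
    raise RuntimeError("still rate-limited after retries")
```

A build script would call `list_fonts(load_key())` with a read-scoped key, so a leaked CI secret cannot upload or delete fonts.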
