Authentication
The Dreabee API uses API keys to authenticate requests. All API calls must include your key as a Bearer token in the Authorization header. Keys are scoped to your account and carry your plan limits.
Overview
All requests to the Dreabee API must be authenticated. We use API keys — long-lived tokens that are tied to your account and carry your plan's permissions and rate limits.
There are two types of keys:
Live keys (drea_live_...) — Use in production. These keys access real data and count against your monthly request quota.
Test keys (drea_test_...) — Use in development. Requests are sandboxed and return mock data. Test requests do not count toward your quota.
Key format
Dreabee API keys follow a consistent format that encodes the environment and type, making them easy to identify at a glance.
Usage
Pass your API key as a Bearer token in the Authorization HTTP header on every request.
Example requests
-H "Authorization: Bearer $DREABEE_API_KEY" \
-G \
-d "platform=instagram"
from dreabee import DreabeeClient
# Load key from environment — never hardcode
client = DreabeeClient(api_key=os.environ["DREABEE_API_KEY"])
# The client handles auth headers automatically
creator = client.creator.get("luxestyle", platform="instagram")
print(creator.authenticity_score) # 91.4
// Load from env — process.env.DREABEE_API_KEY
const client = new DreabeeClient(process.env.DREABEE_API_KEY)
const creator = await client.creator.get({
handle: 'luxestyle',
platform: 'instagram'
})
console.log(creator.authenticity_score) // 91.4
Security best practices
Store keys in environment variables
Never hardcode API keys in source code. Store them in environment variables and load them at runtime.
DREABEE_API_KEY=drea_live_sk_your_key_here
# Use test key during development
DREABEE_TEST_KEY=drea_test_sk_your_test_key
Use separate keys per environment
Generate distinct keys for development, staging, and production. This way you can revoke a single environment's access without affecting others.
Restrict key permissions
In your dashboard, you can scope keys to specific endpoints or IP addresses. Use the minimum permissions your integration actually needs.
Rotating API keys
You can generate a new API key at any time from Settings → API Keys in your dashboard. When you rotate a key:
1. Generate the new key in your dashboard — it's active immediately.
2. Update your application to use
the new key.
3. Delete the old key once you've confirmed everything works.
Authentication errors
When authentication fails, the API returns a structured JSON error body alongside an HTTP error status.
| Status | Error code | Cause | Fix |
|---|---|---|---|
| 401 | MISSING_KEY | No Authorization header sent | Add Authorization: Bearer {key} header |
| 401 | INVALID_KEY | Key doesn't exist or is malformed | Verify key from your dashboard |
| 401 | REVOKED_KEY | Key was deleted or revoked | Generate a new key in Settings |
| 403 | PLAN_RESTRICTED | Endpoint not available on your plan | Upgrade your plan or use a different endpoint |
| 429 | RATE_LIMITED | Request rate exceeded | Back off and retry after Retry-After seconds |
"error": {
"code": "INVALID_KEY",
"message": "The API key provided is invalid or has been revoked.",
"status": 401,
"docs": "https://docs.dreabee.com/api/authentication#errors"
}
}
Rate limits
Rate limits are enforced per API key. Every response includes headers that tell you your current usage:
X-RateLimit-Remaining: 47 # Remaining in current window
X-RateLimit-Reset: 1705929600 # Unix timestamp when window resets
X-Monthly-Limit: 50000 # Total monthly quota
X-Monthly-Remaining: 49953 # Monthly remaining
When rate-limited, wait the number of seconds in the Retry-After header before retrying. Implement exponential backoff for resilience.
Pagination
All list endpoints use cursor-based pagination. Responses include a pagination object with the cursor for the next page.
Pagination response fields
while True:
page = client.creator.search(
niche="beauty", location="GB",
cursor=cursor, per_page=100
)
results.extend(page.data)
if not page.pagination.has_more: break
cursor = page.pagination.next_cursor
print(f"Found {len(results)} creators")