Get Started

Authentication

JWT for dashboard routes, API keys for most /v1 routes.

Auth model

Middleware checks bearer tokens in this order: JWT first, then API key (wbk_...). Public access is limited to GET/v1/health.

GET/v1/health

Auth: PublicBilling: FreeBehavior: Synchronous health check

API key header example

const res = await fetch('https://prod-backup-backend.wubble.ai/v1/credits', {
  headers: { Authorization: `Bearer ${process.env.WUBBLE_API_KEY}` },
});

if (res.status === 401) throw new Error('Missing/invalid key');
if (res.status === 403) throw new Error('Key missing required scope');

Scope checks

Route family scopestext

/v1/webhooks*          -> webhooks:manage
/v1/credits            -> analytics:read
/v1/usage              -> analytics:read
/v1/requests/*         -> analytics:read
/v1/music*             -> audio:generate
/v1/speech*            -> audio:generate
/v1/sound-effects*     -> audio:generate
/v1/apikeys*           -> full_access

POST/v1/apikeys enforces JWT in route logic and rejects API-key callers with 403.

POST/v1/apikeys

Auth: Dashboard JWT onlyBilling: FreeBehavior: Rejected with 403 for API-key callers

API keys

Create and manage keys

Rate limits

Service and concurrency limits

API introduction

Canonical v1 behavior

Overview

API intro and next steps

Was this page helpful?

Rate LimitsNext