Overview
The Cost Optix API uses API keys for authentication. API keys are scoped to your organization and carry a permission level that controls what operations they can perform.
API access is available on all tiers, with daily call limits depending on your plan:
| Tier | Daily API call limit |
|---|
| Starter | 100 |
| Professional | 1,000 |
| Business | 10,000 |
| Enterprise | Unlimited |
Generating an API Key
- Log into your Cost Optix dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Give it a descriptive name (e.g.
CI Pipeline, Grafana Integration)
- Select a permission level
- Optionally set an expiry date
- Copy the key immediately — it will not be shown again
Permission Levels
| Permission | Description |
|---|
read | View cost data, analytics, anomalies, and budgets |
write | Modify data and trigger operations |
admin | Full access including API key management |
Using Your API Key
Include your API key in every request using the X-API-Key header:
curl -H "X-API-Key: cc_your_api_key_here" \
https://costoptix.com/api/v1/health
Never expose your API key in client-side code or public repositories. Treat it like a password.
Base URL
https://costoptix.com/api/v1
Example Requests
Check authentication:
curl -H "X-API-Key: cc_your_key" \
https://costoptix.com/api/v1/auth/info
curl -H "X-API-Key: cc_your_key" \
"https://costoptix.com/api/v1/costs?start_date=2025-01-01&end_date=2025-01-31"
Key Rotation
API keys can be revoked at any time from Settings → API Keys. When rotating keys:
- Create the new key
- Update all systems using the old key
- Revoke the old key
Revocation is immediate — the old key will stop working as soon as it is revoked.
Rate Limiting
Requests that exceed your daily limit return a 429 Too Many Requests response. The response includes a Retry-After header indicating when your quota resets (midnight UTC).
{
"success": false,
"error": "Daily API call limit reached. Upgrade your plan for higher limits."
}
Error Responses
All API errors follow a consistent format:
{
"success": false,
"error": "Description of what went wrong"
}
| HTTP Status | Meaning |
|---|
200 | Success |
400 | Bad request — check your parameters |
401 | Unauthorized — invalid or missing API key |
403 | Forbidden — your key lacks the required permission |
429 | Rate limit exceeded |
500 | Internal server error |
