Skip to main content
Every request made to the Sift API through REST or gRPC requires an API key for authentication and a base URL that identifies the specific Sift API server your project is connected to.

How API keys work

API keys in Sift are user-associated credentials used to authenticate requests to the Sift API. Each key inherits the permissions of the user it is associated with and remains valid indefinitely unless explicitly deleted. All API keys are listed under the API Keys interface, where they can also be removed. When interacting with the Sift API:
  • For REST requests using the Bearer authentication scheme, the API key must be included in the HTTP request authorization header.
  • For gRPC requests, the API key must be passed as a metadata field, also using the authorization header with the Bearer scheme.
API keys can be created and managed either through the Sift UI or programmatically via the Sift API.

Create an API key

  1. Click your profile icon.
  2. Select Manage.
  3. In the Manage navigation menu, click API Keys.
  4. Click Create API Key.
  5. In the Name box, enter a name for the API key.
  6. In the User list, select the user email to link to the API key.
  7. Click Create.
    Key value: Upon creation, the key value is displayed once and cannot be retrieved later. Store it securely using a secret management tool of your choice.

Obtain the base URL

The REST or gRPC base URL can be obtained through the Sift UI. The base URL tells your application exactly where to send API requests and ensures that your requests reach the correct environment.
  1. Click your profile icon.
  2. Select Manage.
  3. In the Manage navigation menu, click API Keys.

API rate limits

Sift enforces rate limits on its API to keep the platform fast and reliable for everyone. How limits are applied
  • Per organization
  • Per API endpoint
  • Set well above typical usage (you won’t be seeing this most of the time)
What happens if you exceed a limit
  • HTTP API: status 429 Too Many Requests, with a message indicating waiting before retrying.
  • gRPC API: status RESOURCE_EXHAUSTED, with a message indicating waiting before retrying.
These responses are safe to retry because the request was not processed. Retrying after the indicated delay has no unintended side effects. Limit values Sift does not publish specific per-endpoint limits, and they can change over time as the platform develops. If you have a planned operation that legitimately needs higher throughput on a given endpoint, contact Sift support in advance and Sift can temporarily raise your limit for the set duration. Tips to avoid rate limiting
  • Batch where the API supports it rather than looping single-record calls.
  • Avoid tight retry loops without backoff.
  • Spread large backfills or migrations over time instead of issuing them all at once.