viralquery

Authentication

Bearer tokens, per-key accounts, scopes.

Every gated call carries a bearer token:

Authorization: Bearer sk_viralquery_...

A key resolves to one account — its own credit balance, its own event log, its own optional scopes. viralquery never stores the plaintext key; only its SHA-256 hash.

Scopes

Per-key scopes restrict what an account can call. Pattern: port:method.

  • "*" or empty array — full access.
  • "library:*" — every library op.
  • "library:search" — that one op only.

A call outside its scopes returns 403 with the violated op.

Rotation & revocation

Keys are issued once and can't be rotated by the caller. If a key is compromised, contact the viralquery team to revoke it and issue a replacement.

Quickstart

Make your first viralquery call in under a minute.

Credits & billing

How metering, top-ups, and 402 work.

On this page

ScopesRotation & revocation