citlyze docs
API

Authentication

Authenticate REST and MCP requests with workspace API keys.

The REST API and MCP server use the same Bearer token authentication. Both are served from https://app.citlyze.com.

Authorization: Bearer aeo_live_...

Workspace scope

Each key grants read access to exactly one workspace. It cannot read another workspace and cannot write data.

Plan gating

API exports must be included in the workspace plan. If exports are not available, requests return:

{
  "error": "API access is not included in this workspace's plan. Upgrade to a plan with API exports.",
  "code": "plan_capability_required"
}

Rate limits

The default per-key rate limit is 120 requests per minute. Rate-limited responses include a Retry-After header.

Revocation

Revoked keys stop working immediately. Create a new key for each external tool so access can be revoked independently.

On this page