API Key Scopes
There are two types of API keys. Each key type uses its own set of routes:
- Personal keys use
/v1/me/ routes
- Workspace keys use
/v1/workspace/ routes
Using a key on the wrong route set will return a 403 error. Both route sets use the same request format — see Getting Started.
| Personal Key | Workspace Key |
|---|
| Routes | /v1/me/* | /v1/workspace/* |
| Created by | Any workspace member | Workspace admins only |
| Meetings access | Your own meetings + meetings shared
with you (directly or via shared tags) | All meetings across the workspace |
| Tasks access | Tasks from your meetings + tasks from
shared meetings | All tasks across the workspace |
| Delete meetings | Your own meetings only | Any meeting in the workspace |
| Search | Full-text meeting search | Not available |
| Tags | List your tags | Not available |
userEmail filter | Not available | Filter results by a specific user’s email |
| Rate limit scope | 100 requests/min per key | 100 requests/min per key |
| Max keys | 3 per user | 10 per workspace |
If you only need access to your own data, use a Personal key. Use a Workspace key when you need to query across all team members or filter by user.
Shared Meeting Access (Personal Keys)
Personal keys don’t just return your own meetings — they also include meetings that have been shared with you:
- Directly shared — Meetings explicitly shared with you by a teammate
- Shared via tags — Meetings tagged with a label that’s been shared with you
This applies to both meeting listing and task listing. Deleting meetings is restricted to meetings you own.
Rate Limiting
API requests are limited to 100 requests per minute per API key. Each key has its own independent quota regardless of type.
When you exceed the limit, you’ll receive a 429 Too Many Requests response with these headers:
| Header | Description |
|---|
X-RateLimit-Limit | Maximum requests allowed per window |
X-RateLimit-Remaining | Requests remaining in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Error Responses
All errors return a JSON object with an error field:
{
"error": "Description of what went wrong"
}
Status Codes
| Status | Meaning | Common Causes |
|---|
200 | Success | Request completed successfully |
400 | Bad Request | Invalid parameters — malformed dates, bad cursor format, missing fields |
401 | Unauthorized | Missing or invalid API key |
403 | Forbidden | Wrong key type for route, or insufficient access |
404 | Not Found | Meeting or resource doesn’t exist |
429 | Too Many Requests | Rate limit exceeded — wait and retry |
500 | Internal Error | Something went wrong on our end — please retry |
Common Error Examples
Missing API key:
{ "error": "Missing API key. Use header: x-api-key: <your_api_key>" }
{ "error": "This endpoint requires a workspace-scoped API key." }
{ "error": "Access denied. You do not have access to this meeting." }
{ "error": "Invalid startDate format" }
