> ## Documentation Index
> Fetch the complete documentation index at: https://docs.meetjamie.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Access & Security
> API key scopes, rate limits, and error handling
## API Key Scopes
There are two types of API keys. Each key type uses its own set of routes:
* **Personal keys** use `/v1/me/` routes
* **Workspace keys** use `/v1/workspace/` routes
Using a key on the wrong route set will return a `403` error. Both route sets use the same request format — see [Getting Started](/pages/developers/api/getting-started).
| | Personal Key | Workspace Key |
| ---------------------- | -------------------------------------------------------------------------- | ----------------------------------------- |
| **Routes** | `/v1/me/*` | `/v1/workspace/*` |
| **Created by** | Any workspace member | Workspace admins only |
| **Meetings access** | Your own meetings + meetings shared with you (directly or via shared tags) | All meetings across the workspace |
| **Tasks access** | Tasks from your meetings + tasks from shared meetings | All tasks across the workspace |
| **Delete meetings** | Your own meetings only | Any meeting in the workspace |
| **Search** | Full-text meeting search | Not available |
| **Tags** | List your tags | Not available |
| **`userEmail` filter** | Not available | Filter results by a specific user's email |
| **Rate limit scope** | 100 requests/min per user | 100 requests/min per workspace |
| **Max keys** | 3 per user | 10 per workspace |
If you only need access to your own data, use a **Personal** key. Use a **Workspace** key when you need to query across all team members or filter by user.
### Shared Meeting Access (Personal Keys)
Personal keys don't just return your own meetings — they also include meetings that have been shared with you:
* **Directly shared** — Meetings explicitly shared with you by a teammate
* **Shared via tags** — Meetings tagged with a label that's been shared with you
This applies to both meeting listing and task listing. Deleting meetings is restricted to meetings you own.
## Rate Limiting
API requests are limited to **100 requests per minute**.
* **Personal keys** — The limit applies per user. Each user with their own key gets their own quota.
* **Workspace keys** — The limit applies per workspace. All workspace keys share the same quota.
When you exceed the limit, you'll receive a `429 Too Many Requests` response with these headers:
| Header | Description |
| ----------------------- | ---------------------------------------- |
| `X-RateLimit-Limit` | Maximum requests allowed per window |
| `X-RateLimit-Remaining` | Requests remaining in the current window |
| `X-RateLimit-Reset` | Unix timestamp when the window resets |
## Error Responses
All errors return a JSON object with an `error` field:
```json theme={null}
{
"error": "Description of what went wrong"
}
```
### Status Codes
| Status | Meaning | Common Causes |
| ------ | ----------------- | ----------------------------------------------------------------------- |
| `200` | Success | Request completed successfully |
| `400` | Bad Request | Invalid parameters — malformed dates, bad cursor format, missing fields |
| `401` | Unauthorized | Missing or invalid API key |
| `403` | Forbidden | Wrong key type for route, or insufficient access |
| `404` | Not Found | Meeting or resource doesn't exist |
| `429` | Too Many Requests | Rate limit exceeded — wait and retry |
| `500` | Internal Error | Something went wrong on our end — please retry |
### Common Error Examples
**Missing API key:**
```json theme={null}
{ "error": "Missing API key. Use header: x-api-key: " }
```
**Wrong key type for route:**
```json theme={null}
{ "error": "This endpoint requires a workspace-scoped API key." }
```
**No access to a meeting:**
```json theme={null}
{ "error": "Access denied. You do not have access to this meeting." }
```
**Invalid query parameter:**
```json theme={null}
{ "error": "Invalid startDate format" }
```