Overview
The Enter Theatre API supports two access levels:| Access Level | Rate Limit | Use Case |
|---|---|---|
| Public (no key) | 100 requests/day | Testing, small projects |
| API Key | 10,000 requests/day | Production apps |
GET endpoints are publicly accessible. Write operations (POST, PUT, DELETE) require Supabase authentication.
Rate Limits
Without API Key
Anonymous requests are rate-limited by IP address:- 100 requests per day
- Resets at midnight UTC
With API Key
Authenticated requests using an API key get higher limits:- 10,000 requests per day (default)
- Resets at midnight UTC
Rate Limit Headers
Every response includes rate limit information:| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed |
X-RateLimit-Remaining | Requests remaining in window |
X-RateLimit-Reset | Unix timestamp when limit resets |
Rate Limit Exceeded
When you exceed the rate limit, you’ll receive a429 response:
Getting an API Key
1
Create an account
Sign up at entertheatre.com/signup
2
Go to Developer Dashboard
3
Create a new key
Click “Create New Key” and give it a descriptive name
4
Copy your key
Copy your API key immediately - you won’t be able to see it again!
Using Your API Key
Include your API key in theAuthorization header:
Invalid API Key
If you provide an invalid or revoked API key, you’ll receive a401 response:
Write Operations
For create, update, and delete operations, you need to be authenticated via Supabase session (not API key). This is intended for the admin dashboard, not external API consumers.Best Practices
Keep keys secret
Never commit API keys to version control or expose them in client-side code.
Use environment variables
Store your API key in environment variables like
ENTER_THEATRE_API_KEY.Monitor usage
Check your usage in the dashboard to avoid hitting rate limits.
Rotate keys
If a key is compromised, revoke it immediately and create a new one.