Build against
https://api.creatoraudit.com/v2 and authenticate every request with an
organization-scoped bearer key. See Authentication
and Versioning.Manage keys safely
An API key grants full access to your organization’s data, so treat it like a password.- Keep it server-side. Store the key in a secret manager and call the API from your backend. Never commit it, embed it in client-side code, or paste it into logs.
- Use one key per integration. Separate keys let you disable one without
disrupting the others, and
GET /v2/whoamitells you which key and organization a token resolves to. - Rotate without downtime. Create a new key, deploy it, confirm traffic has moved
over, then disable the old one. Don’t delete the old key until you’re sure nothing
still uses it — disabled keys return
403.
Paginate with cursors, not offsets
List endpoints use opaque cursor pagination. Loop whilepagination.has_next is
true, passing the previous next_cursor each time, and keep your filters and sort
identical across pages — a cursor is bound to the filter and sort it was issued for.
Use the largest sensible limit (up to 200) to fetch a page set in fewer calls.
Handle rate limits and back off on 429
Every authenticated response carriesX-RateLimit-Limit, X-RateLimit-Remaining,
and X-RateLimit-Reset. Read them at runtime rather than hard-coding a number, and
slow down as X-RateLimit-Remaining approaches zero. On a 429, honor Retry-After
when present, then fall back to exponential back-off. The same pattern fits transient
503 (SERVICE_UNAVAILABLE) responses.
Cache with conditional requests
GET responses carry a strong ETag. Send the value back as If-None-Match; an
unchanged representation returns 304 Not Modified with an empty body, so you skip
the re-download and save bandwidth.
Make writes idempotent
POST /accounts, POST /videos, and POST /creators accept an Idempotency-Key
header. Send a unique key per logical operation so a retry after a network blip
doesn’t create a duplicate — the server returns the original result instead.
Poll on a sensible cadence
CreatorAudit refreshes data on a schedule, not in real time, and there are no webhooks — consumers poll. After a write, a new resource’slast_scrape_time is
null until its first refresh lands. Re-fetch on an interval (seconds to minutes,
not a tight loop) and anchor staleness decisions on last_scrape_time rather than
assuming “now”.
Reduce calls with batch metrics
Instead of fetching windowed metrics one resource at a time, request many IDs in a single call with the batch endpoints. Each takes aperiod (7d, 30d, 90d, or
custom with start_date/end_date) and a list of IDs.
| Endpoint | ID field |
|---|---|
POST /v2/accounts/metrics | account_ids (1–200) |
POST /v2/videos/metrics | video_ids (1–200) |
POST /v2/account-videos/metrics | instagram_post_ids and/or tiktok_video_ids |
Log the request ID on every failure
Every response includes anX-Request-ID header, mirrored as request_id in the
RFC 9457 error body. Log it with each failure so support can correlate a call to its
server-side event. Branch on the HTTP status for coarse flow and on the code field
for specifics.
code reference.
Next steps
API setup
Get a key and make your first authenticated call.
Python example
A worked end-to-end client you can adapt.
For AI agents
Patterns for driving the API from an agent.
Errors
Status codes,
code values, and robust handling.