Authentication
The StudyPlug API offers two access tiers. The free tier requires no authentication at all — you can start making requests immediately. The authenticated tier uses API keys for higher rate limits.
Free Tier (No Key Required)
Section titled “Free Tier (No Key Required)”Every endpoint works without an API key. Requests are rate-limited by IP address to 30 requests per minute and 200 per day. This is enough for prototyping, testing, and light usage.
# No API key needed -- just call the endpointcurl -X POST https://api.studyplug.org/api/v1/generate \ -H "Content-Type: application/json" \ -d '{"skill": "add-within-10", "count": 5}'import { StudyPlug } from "studyplug";
// No apiKey option -- uses free tier automaticallyconst sp = new StudyPlug();const { data } = await sp.generate({ skill: "add-within-10", count: 5 });Authenticated Tier (API Key)
Section titled “Authenticated Tier (API Key)”For higher rate limits and usage tracking, pass your API key in the X-StudyPlug-Key header. Authenticated requests are rate-limited per key instead of per IP.
curl -X POST https://api.studyplug.org/api/v1/generate \ -H "Content-Type: application/json" \ -H "X-StudyPlug-Key: sp_live_your-api-key-here" \ -d '{"skill": "add-within-10", "count": 5}'import { StudyPlug } from "studyplug";
const sp = new StudyPlug({ apiKey: "sp_live_your-api-key-here",});
// All requests now include the X-StudyPlug-Key headerconst { data } = await sp.generate({ skill: "add-within-10", count: 5 });Getting an API Key
Section titled “Getting an API Key”To request an API key, fill out the request form. We’ll review your request and email you a key if approved.
The free tier (no key) is available to everyone with no sign-up required.
Security Best Practices
Section titled “Security Best Practices”Never expose your API key in client-side code. Browser JavaScript, mobile app bundles, and public repositories are all visible to end users.
Instead, proxy API requests through your own backend:
// Server-side (safe) -- your backend holds the keyconst sp = new StudyPlug({ apiKey: process.env.STUDYPLUG_API_KEY });
// Client-side (unsafe) -- DO NOT do this// const sp = new StudyPlug({ apiKey: "sp_live_..." }); // exposed to users!If you believe your key has been compromised, revoke it immediately using the DELETE /api/v1/keys endpoint and request a new one.
SDK Configuration
Section titled “SDK Configuration”The SDK accepts several options alongside apiKey:
const sp = new StudyPlug({ apiKey: "sp_live_your-api-key-here", // optional, for authenticated tier baseUrl: "https://api.studyplug.org", // default, override for self-hosted timeout: 30000, // request timeout in ms (default: 30s) maxRetries: 2, // retries on 429 responses (default: 2)});See Rate Limits for details on how the SDK handles 429 responses automatically.