Intended Use

This API is intended exclusively for:

  • Content owners accessing their own Substack publication data
  • Applications authorized by publication owners to interact with their content
  • Legitimate integrations with Substack publications by copyright holders

This API is not intended for:

  • Unauthorized scraping of Substack content
  • Accessing publications without explicit permission from the content owner
  • Mass collection or aggregation of Substack content without authorization

Violation of these usage guidelines may result in immediate API access termination.

Rate Limits

EndpointRate Limit
/posts/latest10 requests per minute
/posts/top10 requests per minute
/posts/search20 requests per minute
/post15 requests per minute
  • Production API keys use the limits shown above, while test API keys are limited to 3 requests per minute for all endpoints.
  • Rate limits are tracked by the client’s IP address, not by API key.
  • Exceeding these limits will result in a 429 Too Many Requests response.

Authentication

Authentication is handled via the X-API-Key header. Each API key is linked to one Substack publication and can only access its data.

API Key Format

  • Production keys start with sk_live_
  • Test keys start with sk_test_

Using Your API Key

Include your API key in all requests using the X-API-Key header:

curl https://api.substackapi.dev/api_key/validate \
-H "X-API-Key: sk_live_your_key_here"