Authentication
Learn how to authenticate your API requests to SecBlast
Authentication Methods
SecBlast API supports multiple authentication methods depending on the endpoint type:
API Key Authentication
Used for public data endpoints and server-to-server communication.
Bearer Token (Auth0)
Required for user-specific endpoints and personalized features.
API Key Authentication
Getting Your API Key
You can generate and manage API keys from your Developer Dashboard. Free accounts include 1,000 API calls per month.
Methods of Passing API Key
Method 1: Query Parameter
Add your API key as a query parameter. Simple but visible in logs.
curl "https://api.secblastapi.com/v1/lookup?ticker=AAPL&api_key=your_api_key_here"
Method 2: Header (Recommended)
Pass your API key in the X-API-Key header. More secure as it's not visible in URLs.
curl -H "X-API-Key: your_api_key_here" \"https://api.secblastapi.com/v1/lookup?ticker=AAPL"
Example Usage
# Using API key as query parametercurl "https://api.secblastapi.com/v1/lookup?ticker=AAPL&api_key=your_api_key_here"# Using API key in header (recommended)curl -H "X-API-Key: your_api_key_here" \"https://api.secblastapi.com/v1/lookup?ticker=AAPL"
Bearer Token Authentication
User-specific endpoints require authentication via Auth0 Bearer tokens. These endpoints manage personal data like favorites, alerts, and usage history.
Obtaining Bearer Tokens
Bearer tokens are automatically managed when using our web interface. For programmatic access, implement Auth0 OAuth2 flow or use our SDKs.
Using Bearer Tokens
# Using Bearer token for authenticated endpointscurl -H "Authorization: Bearer your_id_token_here" \"https://api.secblastapi.com/auth/favorites/get"
Endpoints Requiring Bearer Token
/auth/favorites/*/auth/history/*/auth/saved-links/*/auth/notifications/*/auth/alert_triggers/*/auth/api_keys/*/auth/usage_limits/auth/subscription/*Code Examples
Python
import requests# Initialize with your API keyapi_key = "your_api_key_here"base_url = "https://api.secblastapi.com"# Method 1: API key in query paramsresponse = requests.get(f"{base_url}/v1/lookup",params={"ticker": "AAPL","api_key": api_key})# Method 2: API key in headers (recommended)response = requests.get(f"{base_url}/v1/lookup",params={"ticker": "AAPL"},headers={"X-API-Key": api_key})# Method 3: Bearer token for user endpointsid_token = "your_auth0_id_token"response = requests.get(f"{base_url}/auth/favorites/get",headers={"Authorization": f"Bearer {id_token}"})
JavaScript/Node.js
// Using fetch with API keyconst apiKey = 'your_api_key_here';// Method 1: API key in URLconst response = await fetch(`https://api.secblastapi.com/v1/lookup?ticker=AAPL&api_key=${apiKey}`);// Method 2: API key in headers (recommended)const response = await fetch('https://api.secblastapi.com/v1/lookup?ticker=AAPL',{headers: {'X-API-Key': apiKey}});// Method 3: Bearer token for authenticated endpointsconst idToken = 'your_auth0_id_token';const response = await fetch('https://api.secblastapi.com/auth/favorites/get',{headers: {'Authorization': `Bearer ${idToken}`}});
Best Practices
Do's
- ✓ Store API keys in environment variables
- ✓ Use HTTPS for all API requests
- ✓ Rotate API keys regularly
- ✓ Use header authentication when possible
- ✓ Implement proper error handling
- ✓ Cache responses when appropriate
Don'ts
- ✗ Never expose API keys in client-side code
- ✗ Don't commit API keys to version control
- ✗ Avoid hardcoding keys in source code
- ✗ Don't share API keys between environments
- ✗ Never log API keys in production
- ✗ Don't use API keys in URLs for sensitive data
Authentication Errors
{"error": "Invalid API key","status": 401}
{"error": "API key does not have access to this endpoint","status": 403}
{"error": "Rate limit exceeded. Please try again later.","status": 429,"retry_after": 3600}
Ready to Authenticate?
Get your API key and start making authenticated requests to SecBlast API.