Skip to main content

Authentication

SkinPricer uses API-key authentication. Send your key as an Authorization: ApiKey <key> header on every request. The one exception is Market Health, which is open and needs no key.

Most endpoints are key-gated: pricing, NBBO, depth, history, recommendations, arbitrage, and float data all require an API key. Send it in the Authorization header on every request. Two header forms are accepted, so most HTTP clients work unchanged:

Authorization: ApiKey <key>Preferred.
Authorization: Bearer <key>Also accepted, for OAuth-style clients.

Getting a key

Create an account, then mint a key from your API keys page. Each key inherits your plan's rate limits and monthly quota. Issue as many as you need, for example one per environment, and revoke any of them without affecting the others.

Public vs key-gated

Almost every endpoint is key-gated. The one exception is market health, which is open (no key) and limited by IP. See Which endpoint do I need? for the full map.

When the header is missing or wrong

401No key, or a malformed Authorization header.
403Valid key, but your plan does not include this endpoint.

Keeping your key safe

Treat the key like a password. Call the API from your server, never from client-side code where the key would be exposed. Rotate a key the moment it leaks, and keep separate keys per environment so revoking one never causes downtime.

Usage & licensing

Access to the API and its data is governed by our Terms of Service. You may not resell or redistribute the data, use it to build a competing service, or exceed your plan’s rate limits, and you must attribute SkinPricer as the source wherever the Terms permit you to display it. Abuse may be throttled or suspended.