Docs/Getting started/Authentication

Authentication

Pass your key in the x-api-key header.

Authenticate by sending your API key in the x-api-key header (or Authorization: Bearer <key>).

curl https://www.quanaris.com/v1/token/C7heQqfNzdMbUFQwcHkL9FvdwsFsDRBnfwZDDyWYCLTZ/overview \
  -H "x-api-key: qnr_live_…"

Public vs keyed endpoints

Public — all /v1/token/* reads, market & discovery, search. These work with or without a key today; passing a key identifies your tenant (per-plan rate limits and usage metering are rolling out — see Plans).
Keyed — account (/v1/me, /v1/keys) and subscriptions (/v1/tokens/register, …). These return 401 unauthorized without a valid key.

Key hygiene

Keys are shown once at creation and are otherwise unrecoverable. The prefix is qnr_live_. Rotate from the dashboard; a revoked key stops working immediately.

Never ship a live key in client-side code. Proxy keyed calls through your backend.

← PreviousQuickstart Next →Making requests