NEW MATCH
Main site
Authentication
Authenticate requests with an API key in the Authorization header.
Header format
HTTP
Copy
Authorization:
Bearer
<api-key>
Best practices
- Keep keys only on your backend
- Rotate keys on a regular schedule
- Revoke and regenerate if leakage is suspected
- Never expose keys in client-side JavaScript
Common auth errors
- 401 Unauthorized: invalid or missing key
- 403 Forbidden: key lacks required scope or account access