Authentication is handled with a simple API key.

They’re free for development, open-source, and non-commercial use, and you can get one here: get API key.

You can attach your API key to a request in one of three ways:

  • Via the apiKey querystring parameter.
  • Via the X-Api-Key HTTP header.
  • Via the Authorization HTTP header. Bearer optional, do not base 64 encode.

We strongly recommend the either of latter 2 so that your API key isn’t visible to others in logs or request sniffing.

If you don’t append your API key correctly, or your API key is invalid, you will receive a 401 - UnauthorizedHTTP error.