Authentication
All requests are authenticated with a bearer token sent in the Authorization header. The API does not use OAuth, sessions, or per-request signing.
Header format
Authorization: Bearer YOUR_KEYRequests without this header return 401 Unauthorized. Invalid keys return 401 with { "error": { "code": "unauthorized" } } in the response body. See errors for the full envelope.
Quickstart
Confirm a key is active by requesting any tracked ticker.
curl "https://api.tickerbot.io/v2/tickers/AAPL" \
-H "Authorization: Bearer YOUR_KEY"A 200 indicates the key is valid. 401 indicates the key is missing or invalid; 403 indicates the key is valid but the requested capability is not included in the key's plan.
Issuing keys
Keys are issued from the dashboard at tickerbot.io/api. The first key is shown after checkout; additional keys (for staging, CI, or per-environment isolation) are created from the dashboard.
Rate limits are per-key. Created resources — webhook subscriptions, custom signals, universes — are account-scoped: every key on the same account sees the same registry. Rotating a key never strands those resources.
Plans and rate limits
Per-key rate limits and per-plan capacity (universes, webhooks, history depth) are documented in one place: tickerbot.io/pricing. Sign up and you’re on a 14-day free trial with every feature included. No credit card required.
Handling keys
- Keys are credentials. Do not commit them to source control, embed them in mobile applications, or include them in browser bundles.
- Use separate keys for staging and production environments.
- Revoke exposed keys from the dashboard. Revocation takes effect immediately.