Authentication
API key management and best practices
Getting an API Key
- Go to /subscribe
- Enter your email address
- Select your plan (Free, Developer, Professional)
- Receive API key via email
Using Your API Key
Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEY
cURL Example
curl -H "Authorization: Bearer fo_live_abc123..." \
https://feedoracle.io/api/v1/carbon/chains
Python Example
import requests
headers = {"Authorization": "Bearer fo_live_abc123..."}
response = requests.get(
"https://feedoracle.io/api/v1/carbon/chains",
headers=headers
)
JavaScript Example
fetch("https://feedoracle.io/api/v1/carbon/chains", {
headers: { "Authorization": "Bearer fo_live_abc123..." }
})
API Key Format
| Prefix | Environment | Example |
|---|
fo_live_ | Production | fo_live_abc123xyz... |
fo_test_ | Sandbox | fo_test_def456uvw... |
Key Security
Never expose API keys:
- Don't commit keys to Git repositories
- Don't include in client-side JavaScript
- Don't share in public forums or tickets
Best Practices
- Environment variables: Store keys in
.env files
- Secrets manager: Use AWS Secrets, HashiCorp Vault, etc.
- Rotate regularly: Regenerate keys every 90 days
- Separate keys: Use different keys for dev/staging/prod
- Monitor usage: Check dashboard for unusual activity
Key Management
| Action | How |
|---|
| View usage | Dashboard → API Keys → Usage |
| Regenerate key | Dashboard → API Keys → Regenerate |
| Revoke key | Dashboard → API Keys → Revoke |
| Create new key | Dashboard → API Keys → Create |
Authentication Errors
| Error | Cause | Solution |
|---|
| 401 Missing header | No Authorization header | Add Bearer token |
| 401 Invalid key | Key not recognized | Check for typos |
| 401 Expired key | Subscription ended | Renew plan |
| 403 Forbidden | Key lacks permission | Upgrade plan |