Authentication
API key management and best practices
API Base URLs
| Endpoint | URL | Use Case |
|---|---|---|
| Enterprise API | https://api.feedoracle.io | Recommended for production |
| Standard API (deprecated) | https://feedoracle.io/api | Legacy - sunsets 2026-06-30 |
Migration Notice: The legacy host
https://feedoracle.io/api/* is deprecated and will sunset on 2026-06-30. Please migrate to https://api.feedoracle.io.Enterprise Endpoint: Dedicated subdomain with SSL, rate limiting (10 req/s + burst 20), and DDoS protection.
Getting an API Key
- Go to /subscribe
- Enter your email address
- Select your plan (Free, Developer, Professional)
- Receive API key via email
Using Your API Key
Include your API key in the X-API-Key header:
X-API-Key: YOUR_API_KEY
cURL Example
curl -H "X-API-Key: fo_live_abc123..." \ https://api.feedoracle.io/api/v1/carbon/chains
Python Example
import requests
headers = {"X-API-Key": "fo_live_abc123..."}
response = requests.get(
"https://api.feedoracle.io/api/v1/carbon/chains",
headers=headers
)
JavaScript Example
fetch("https://api.feedoracle.io/api/v1/carbon/chains", {
headers: { "X-API-Key": "fo_live_abc123..." }
})
API Key Format
| Prefix | Environment | Example |
|---|---|---|
fo_live_ | Production | fo_live_abc123xyz... |
fo_test_ | Sandbox | fo_test_def456uvw... |
Postman Users: The Postman collection and all customer integrations should use
X-API-Key header. Bearer auth is not supported.
Key Security
Never expose API keys:
- Don't commit keys to Git repositories
- Don't include in client-side JavaScript
- Don't share in public forums or tickets
Best Practices
- Environment variables: Store keys in
.envfiles - Secrets manager: Use AWS Secrets, HashiCorp Vault, etc.
- Rotate regularly: Regenerate keys every 90 days
- Separate keys: Use different keys for dev/staging/prod
- Monitor usage: Check dashboard for unusual activity
Key Management
| Action | How |
|---|---|
| View usage | Dashboard → API Keys → Usage |
| Regenerate key | Dashboard → API Keys → Regenerate |
| Revoke key | Dashboard → API Keys → Revoke |
| Create new key | Dashboard → API Keys → Create |
Authentication Errors
| Error | Cause | Solution |
|---|---|---|
| 401 Missing header | No X-API-Key header | Add X-API-Key header |
| 401 Invalid key | Key not recognized | Check for typos |
| 401 Expired key | Subscription ended | Renew plan |
| 403 Forbidden | Key lacks permission | Upgrade plan |
Vendor Readiness / Controls
| Primary API | https://api.feedoracle.io |
| Legacy Host | https://feedoracle.io/api/* (temporary) |
| Deprecation | Deprecation: true (legacy only) |
| Sunset | Tue, 30 Jun 2026 00:00:00 GMT |
| Canonical | Link: <https://api.feedoracle.io\$request_uri>; rel="canonical" |
| Auth | X-API-Key required for protected endpoints |
| Expected 401 | Missing/invalid key returns 401 by design |
| Health | GET https://api.feedoracle.io/health |
| Support | https://feedoracle.io/contact.html |
Need help? Contact support@feedoracle.io with your
request_id.