API Authentication - API Key & JWT Auth | MyAllies API

Overview

Two auth methods: API Key for data endpoints, JWT Token for account management.

API Key Authentication

Used for Company, Market, and Options endpoints. Include in every request:

GET/market/stocks/AAPL_NASDAQ/quote

curl -X GET "https://api.apps.myallies.com/v1/market/stocks/AAPL_NASDAQ/quote" \
  -H "X-Api-Key: YOUR_API_KEY"

Getting Your API Key

POST/account/register

curl -X POST "https://api.apps.myallies.com/v1/account/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "demo@myallies.com",
    "password": "demo"
  }'

Response

{
  "success": true,
  "data": {
    "userId": 42,
    "email": "demo@myallies.com",
    "apiKey": "ma_live_k8x2mN4pQ7...",
    "tier": "free",
    "message": "Account created. Store your API key securely."
  }
}

Your API key is only shown once. Store it securely.

JWT Token Authentication

Used for account management (list/create/revoke API keys). Login to get a token:

POST/account/login

curl -X POST "https://api.apps.myallies.com/v1/account/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "demo@myallies.com",
    "password": "demo"
  }'

Response

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIs...",
    "userId": 42,
    "email": "demo@myallies.com"
  }
}

Then use it in the Authorization header:

curl -X GET "https://api.apps.myallies.com/v1/account/keys" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Which Method to Use

Header	Endpoints	When
`X-Api-Key`	Company, Market, Options	Fetching data (quotes, search, chains)
`Authorization: Bearer`	Account	Managing keys, account info

Common Errors

Code	Cause	Fix
`401`	Missing or invalid API key	Check `X-Api-Key` header
`401`	Expired JWT token	Login again for a new token
`403`	Key revoked or insufficient tier	Generate new key or upgrade

Security

Store keys in environment variables, never in source code
Always use HTTPS
Use separate keys per application
Revoke compromised keys immediately
Never commit keys to public repositories