Authentication
Overview
Two auth methods: API Key for data endpoints, JWT Token for account management.
API Key Authentication
Used for Company, Market, and Options endpoints. Include in every request:
GET/market/stocks/AAPL_NASDAQ/quote
curl -X GET "https://api.apps.myallies.com/v1/market/stocks/AAPL_NASDAQ/quote" \
-H "X-Api-Key: YOUR_API_KEY"Getting Your API Key
Register an account to receive your key immediately:
POST/account/register
curl -X POST "https://api.apps.myallies.com/v1/account/register" \
-H "Content-Type: application/json" \
-d '{
"email": "demo@myallies.com",
"password": "demo"
}'Response
{
"success": true,
"data": {
"userId": 42,
"email": "demo@myallies.com",
"apiKey": "ma_live_k8x2mN4pQ7...",
"tier": "free",
"message": "Account created. Store your API key securely."
}
}Your API key is only shown once. Store it securely.
JWT Token Authentication
Used for account management (list/create/revoke API keys). Login to get a token:
POST/account/login
curl -X POST "https://api.apps.myallies.com/v1/account/login" \
-H "Content-Type: application/json" \
-d '{
"email": "demo@myallies.com",
"password": "demo"
}'Response
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"userId": 42,
"email": "demo@myallies.com"
}
}Then use it in the Authorization header:
curl -X GET "https://api.apps.myallies.com/v1/account/keys" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."Which Method to Use
| Header | Endpoints | When |
|---|---|---|
X-Api-Key | Company, Market, Options | Fetching data (quotes, search, chains) |
Authorization: Bearer | Account | Managing keys, account info |
Common Errors
| Code | Cause | Fix |
|---|---|---|
401 | Missing or invalid API key | Check X-Api-Key header |
401 | Expired JWT token | Login again for a new token |
403 | Key revoked or insufficient tier | Generate new key or upgrade |
Security
- Store keys in environment variables, never in source code
- Always use HTTPS
- Use separate keys per application
- Revoke compromised keys immediately
- Never commit keys to public repositories