Authorization header. All API calls must be made over HTTPS — calls without authentication fail with a 401.
State scoping
API keys are scoped to specific states. To make an API call for a particular state, your key must be scoped to that state and your account must be subscribed to it.
See Supported States for the current list.
Billing and security
- Don’t share your key in publicly accessible places such as GitHub, client-side code, or support tickets.
- Only share your key with people you trust.
- Rotate a key immediately from the Dashboard if you believe it has been exposed.