Authorization

All requests to the First Street API requires an API Key. There are two ways to send an API key with your request: Through URL parameters or through an Authorization header.

URL Parameter

Provide key=<your-api-key> at the end or start of every request.

curl "https://api.firststreet.org/v1/apikey?key={api-key}"

Authorization Header

Provide Authorization as a header value with Bearer <your-api-key> as the value.

curl "https://api.firststreet.org/v1/apikey" -H "Authorization: Bearer {api-key}"

How to Ensure Your API Key Is Secure

As your API key provides direct access to the data and is tied directly to your account. Please ensure you are taking all necessary precautions to secure it. When you use API keys in your applications, ensure they are kept secure.

Publicly exposing your key can result in your account being compromised, which could lead to unexpected charges to your account.

To help keep your API keys secure, follow these best practices:

• Do not embed API keys directly in code.

• Do not store API keys in files inside your application’s source tree.

• Set up application and API key restrictions.

• Delete unneeded API keys to minimize exposure to attacks.

• Regenerate your API keys periodically.

• Review your code before publicly releasing it.