Skip to main content

API Key Authentication

All API requests require authentication using an API key. Include your API key in the Authorization header using the Bearer scheme. 
Authorization: Bearer YOUR_API_KEY
Keep your API key secure and never expose it in client-side code or public repositories.

Getting Your API Key

To obtain API access and receive your authentication credentials:
  1. Visit the API Access Request page
  2. Fill out the request form with your use case details
  3. Our sales team will contact you to set up your account
  4. You’ll receive your API key via secure email

Request API Access

Contact our sales team to get started

Using Your API Key

cURL Example

curl -X POST https://api.fintool.com/v2/chat \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      {"role": "user", "content": "What was Tesla revenue in Q4 2024?"}
    ]
  }'

Python Example

import requests

API_KEY = "your_api_key_here"

headers = {
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json"
}

url = "https://api.fintool.com/v2/chat"
payload = {
    "messages": [
        {"role": "user", "content": "What was Tesla revenue in Q4 2024?"}
    ]
}

response = requests.post(url, headers=headers, json=payload)
print(response.json())

JavaScript Example

const API_KEY = 'your_api_key_here';

const response = await fetch('https://api.fintool.com/v2/chat', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${API_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    messages: [
      { role: 'user', content: 'What was Tesla revenue in Q4 2024?' }
    ]
  })
});

const data = await response.json();
console.log(data);

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}

Best Practices

Use environment variables or secure credential management systems to store your API keys. Never hardcode them in your application code.
Request separate API keys for development, staging, and production environments to maintain security and easier key rotation.
Keep track of your API usage to detect any unusual activity that might indicate a compromised key.
Periodically rotate your API keys as a security best practice. Contact our support team to request new keys.

Rate Limits

API rate limits vary based on your subscription plan. Contact our sales team to discuss your expected usage and appropriate limits.
Rate limit information is included in the response headers:
  • X-RateLimit-Limit: Maximum requests per time window
  • X-RateLimit-Remaining: Remaining requests in current window
  • X-RateLimit-Reset: Time when the rate limit resets