FocusAlphaDocs
Get key
Overview

Authentication

Every request is authenticated with an API key sent as a bearer token. Your key identifies your account and is the basis for usage metering and rate limits.

API keys#

Keys are prefixed with fa_live_. The prefix lets you recognize a FocusAlpha key at a glance; the remainder is a high-entropy secret. We store only a hash of your key — if you lose it, you rotate rather than recover it.

Getting a key#

API access is paid. Keys are issued by our team — contact us and we’ll get you set up the same day.

Authenticating a request#

Pass the key in the Authorization header using the Bearer scheme:

curl
curl https://api.focusalpha.ai/v1/retrieve \
  -H "Authorization: Bearer fa_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{ "query": "buyback authorization" }'

An X-API-Key header is also accepted for clients that can’t set Authorization:

curl
curl https://api.focusalpha.ai/v1/retrieve \
  -H "X-API-Key: fa_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{ "query": "buyback authorization" }'
Keep keys server-side
Never embed an API key in a browser, mobile app, or any client you ship to users — it grants full access to your quota. Call the API from your backend and proxy results to your frontend. If a key is exposed, contact us to rotate it immediately.

Errors#

A missing, malformed, or revoked key returns 401 Unauthorized in the standard error envelope:

401.json
{
  "success": false,
  "error": {
    "statusCode": 401,
    "message": "Invalid or missing API key",
    "error": "Unauthorized",
    "path": "/v1/retrieve",
    "timestamp": "2026-05-30T12:00:00.000Z"
  }
}

Exceeding your rate limit returns 429 Too Many Requests. See Errors for the full list of status codes.

Rotation#

You can hold multiple keys and revoke any of them independently — useful for rotating without downtime: issue a new key, deploy it, then revoke the old one. Revocation takes effect immediately. Contact us to issue or revoke keys.