API Key Authentication
All API endpoints (except /health) require an API key passed via the x-api-key header.
curl -H "x-api-key: YOUR_API_KEY" \
"https://api.ahamflow.dev/api/v1/edgar/filings?ticker=AAPL"
Getting a Key
- Sign up at ahamflow.dev
- Your API key is provided after account creation
- Store it in an environment variable — never hardcode it
Security Best Practices
Never expose your API key in client-side code, public repositories, or browser requests.
Always call the API from your backend server.
- Store keys in environment variables or a secrets manager
- Rotate keys periodically
- Use separate keys for development and production
- Never commit keys to version control
Error Responses
| Status | Meaning |
|---|
401 Unauthorized | Missing or invalid API key |
429 Too Many Requests | Rate limit exceeded |
{
"error": "unauthorized"
}
