To access protected endpoints, include your API token in the Authorization header as a bearer token.
Authorization: Bearer YOUR_API_KEY
Use the root auth endpoint GET / to quickly validate a token.
Validate token
curl -X GET "https://api.osint.ly" \
-H "Authorization: Bearer YOUR_API_KEY"
{
"message": "Authorization Valid",
"help": "https://docs.osint.ly/api-reference/quick-start"
}
Security Best Practices
- Never commit API keys to git repositories
- Store tokens in environment variables
- Use separate keys for development and production
- Rotate keys immediately after suspected exposure
If a token is exposed, revoke and replace it before any new deployment.
Next Steps
Continue with Quick Start to create and stream your first search. 
