Authentication

API keys

All requests to protected routes require a valid API key sent in one of two headers:

http

X-API-Key: your_api_key

http

Authorization: Bearer your_api_key

Get a key

Email andrew@coda-tech.co to request access.

Sending the key

HTTP header

bash

curl https://api.coda-tech.net/api/v1/developer/pricing/pokemon-sws07-umbreon-vmax-alt-art-secret \
  -H "X-API-Key: your_api_key"

Authorization Bearer

bash

curl https://api.coda-tech.net/api/v1/developer/pricing/pokemon-sws07-umbreon-vmax-alt-art-secret \
  -H "Authorization: Bearer your_api_key"

Python

python

import httpx

r = httpx.get(
    "https://api.coda-tech.net/api/v1/developer/pricing/pokemon-sws07-umbreon-vmax-alt-art-secret",
    headers={"X-API-Key": "your_api_key"},
)
r.raise_for_status()
data = r.json()

What keys can do

API keys are read-only. GET and HEAD are allowed. Any write method (POST, PUT, PATCH, DELETE) returns 403.

The /health endpoint requires no key. All developer pricing routes always require a valid key.

Error responses

HTTP	Meaning
`401`	Missing or invalid API key
`403`	Valid key, method not allowed
`429`	Rate limited - back off and retry

json

{ "detail": "Invalid or missing API key" }

Rate limits

Developer pricing routes share a rate-limit bucket. If you hit 429, implement exponential backoff. Contact us if your workload needs higher throughput.

Authentication ​

API keys ​

Sending the key ​

HTTP header ​

Authorization Bearer ​

Python ​

What keys can do ​

Error responses ​

Rate limits ​