Authentication
All API requests require authentication via an API key.
Using your API key
Pass your API key in the Authorization header as a Bearer token:
curl -H "Authorization: Bearer your-api-key" \
https://demo.stellarpassport.xyz/api/v1/buildersKey security
- Never expose your API key in client-side code — always make API calls from your server
- Don’t commit keys to version control — use environment variables
- Rotate keys if you suspect they’ve been compromised — email hi@bastiankoh.com to request a new key
Errors
| Status | Meaning |
|---|---|
401 | Missing or invalid API key |
403 | Valid key but insufficient permissions |
429 | Rate limit exceeded — wait and retry |
A 401 response looks like:
{
"error": "Invalid or missing API key"
}A 429 response includes a Retry-After header indicating how many seconds to wait.
Last updated on