Authentication
All API requests require a Bearer token. Authenticate by including your API key in the Authorization header.
API Keys
Create keys at dashboard → API Keys. Each key:
- Starts with prefix oac_live_
- Is shown once at creation — store it immediately
- Belongs to a user with an active subscription (Free or Pro)
Making authenticated requests
curl -H "Authorization: Bearer oac_live_YOUR_KEY_HERE" \
https://openapi.city/api/v1/me
Response:
{
  "email": "you@example.com",
  "plan": "free",
  "monthly_limit": 100,
  "usage_this_month": 42
}
Key security
- Never embed API keys in client-side code (JavaScript, mobile apps)
- Use environment variables or secrets management
- Rotate keys if compromised — delete old key, create new one
Key rotation
1. Create a new key in the dashboard
2. Update your application to use the new key
3. Delete the old key
There is no downtime during rotation — both keys work until the old one is deleted.
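One way to check a new key before deleting the old one, as an added example that is not part of the original documentation. The variable name OAC_NEW_KEY and the function names are assumptions, as is treating HTTP 200 as the success status of /api/v1/me.

```shell
#!/bin/sh
# Added example. OAC_NEW_KEY, key_format_ok, me_status and rotation_ready are
# assumed names, not part of the API. HTTP 200 as "accepted" is an assumption.

API_URL="https://openapi.city/api/v1/me"

# Local format check: rejects an empty value or a key without the oac_live_
# prefix before anything is sent over the network.
key_format_ok() {
  case "$1" in
    oac_live_?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the HTTP status of GET /api/v1/me for the given key.
# The header is fed to curl on stdin (-H @-, curl 7.55.0 or later) so the key
# does not appear in the process argument list.
me_status() {
  printf 'Authorization: Bearer %s\n' "$1" |
    curl -sS -o /dev/null -w '%{http_code}' -H @- "$API_URL"
}

# Gate for rotation step 3: succeed only if the new key is well-formed and
# the API accepts it. Return codes: 0 ok, 1 rejected (401), 2 bad format,
# 3 transport error or unexpected status.
rotation_ready() {
  key_format_ok "$1" || { echo "key does not start with oac_live_" >&2; return 2; }
  code=$(me_status "$1") || { echo "request failed" >&2; return 3; }
  case "$code" in
    200) return 0 ;;
    401) echo "401: missing or invalid API key" >&2; return 1 ;;
    *)   echo "unexpected status $code" >&2; return 3 ;;
  esac
}

# Usage (the key comes from the environment, never from the script itself):
#   rotation_ready "$OAC_NEW_KEY" && echo "safe to delete the old key"
```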
Errors
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 401 | Key prefix not found (typo in key) |