3 min read
Authentication
All API requests require authentication via an API key passed in the request header.
Request Header
Include your API key in the X-API-Key header of every request:
header
X-API-Key: YOUR_API_KEYExample
cURL
curl -H "X-API-Key: clw_live_a1b2c3d4e5f6" \
"https://tickatlas.com/v1/indicator?symbol=EURUSD&indicator=RSI_14&timeframe=H1"Getting Your API Key
- Sign up or log in to your TickAtlas dashboard
- Navigate to API Keys in the sidebar
- Click Create New Key
- Give it a descriptive label (e.g., "Production Bot", "Development")
- Set permissions and optional IP whitelist
- Copy and securely store your key — it's only shown once
Key Permissions
Each API key can be scoped to specific endpoint groups:
| Scope | Endpoints |
|---|---|
| quotes | /quote, /quotes, /symbols |
| indicators | /indicator, /indicators, /screener |
| historical | /ohlc, /ticks |
| premium | /summary, /multi, /heatmap |
| all | All endpoints |
IP Whitelisting
For production environments, restrict each key to specific IP addresses or CIDR ranges.
Requests from non-whitelisted IPs will receive a 403 Forbidden response.
Important: If you lock yourself out by setting an incorrect IP whitelist, use the dashboard to update or remove the restriction.
Security Best Practices
Store API keys in environment variables, never in source code
Use separate keys for development, staging, and production
Enable IP whitelisting for production keys
Set key expiration dates and rotate keys regularly
Use the minimum required permissions for each key
Regenerate compromised keys immediately from the dashboard