Authentication
All FinBrain API v2 requests require authentication using your API key. The v2 API supports multiple authentication methods for flexibility and backward compatibility.
Authentication Methods
Section titled “Authentication Methods”The API checks for credentials in the following order of precedence:
1. Authorization Header (Recommended)
Section titled “1. Authorization Header (Recommended)”Pass your API key as a Bearer token in the Authorization header:
Authorization: Bearer YOUR_API_KEYThis is the recommended method for all new integrations. It keeps credentials out of URLs and is compatible with standard HTTP tooling.
2. X-API-Key Header
Section titled “2. X-API-Key Header”Pass your API key in the X-API-Key header:
X-API-Key: YOUR_API_KEY3. Query Parameter
Section titled “3. Query Parameter”Pass your API key as the apiKey query parameter:
https://api.finbrain.tech/v2/predictions/daily/AAPL?apiKey=YOUR_API_KEY4. Legacy Query Parameter (v1 Backward Compatibility)
Section titled “4. Legacy Query Parameter (v1 Backward Compatibility)”The v1 token query parameter is still supported for backward compatibility:
https://api.finbrain.tech/v2/predictions/daily/AAPL?token=YOUR_API_KEYExample
Section titled “Example”curl -H "Authorization: Bearer YOUR_API_KEY" \ "https://api.finbrain.tech/v2/predictions/daily/AAPL"import requests
headers = {"Authorization": "Bearer YOUR_API_KEY"}
response = requests.get( "https://api.finbrain.tech/v2/predictions/daily/AAPL", headers=headers)
data = response.json()print(data)const API_KEY = "YOUR_API_KEY";
const response = await fetch( "https://api.finbrain.tech/v2/predictions/daily/AAPL", { headers: { "Authorization": `Bearer ${API_KEY}` } });
const data = await response.json();console.log(data);Getting an API Key
Section titled “Getting an API Key”- Visit finbrain.tech
- Create an account or sign in
- Navigate to your account dashboard
- Copy your API key
Authentication Errors
Section titled “Authentication Errors”401 Unauthorized
Section titled “401 Unauthorized”Returned when the API key is missing or invalid.
Response:
{ "success": false, "error": { "code": "UNAUTHORIZED", "message": "Invalid or missing API key" }}Common causes:
- Missing API key in the request
- Typo in the API key
- Using an expired or revoked API key
403 Forbidden
Section titled “403 Forbidden”Returned when the API key is valid but lacks permission for the requested resource.
Response:
{ "success": false, "error": { "code": "FORBIDDEN", "message": "Access denied for this resource" }}Common causes:
- Endpoint not included in your subscription tier
- Account suspended
- Accessing a restricted resource
429 Too Many Requests
Section titled “429 Too Many Requests”Returned when rate limits are exceeded.
Response:
{ "success": false, "error": { "code": "RATE_LIMIT_EXCEEDED", "message": "Rate limit exceeded. Please slow down." }}Rate Limiting
Section titled “Rate Limiting”The v2 API includes rate limit information in every response via HTTP headers:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per hour |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Time when rate limit resets (ISO 8601) |
Example response headers:
X-RateLimit-Limit: 1000X-RateLimit-Remaining: 847X-RateLimit-Reset: 2026-03-09T15:00:00ZWhen you exceed the rate limit, the API returns a 429 Too Many Requests response. Use the X-RateLimit-Reset header to determine when you can resume making requests.
Rate Limit Tiers
Section titled “Rate Limit Tiers”| Tier | Requests/Hour |
|---|---|
| Free | 100 |
| Basic | 1,000 |
| Professional | 10,000 |
| Enterprise | Custom |
Security Best Practices
Section titled “Security Best Practices”Environment Variables
Section titled “Environment Variables”Never hardcode your API key. Use environment variables:
import osimport requests
api_key = os.environ.get("FINBRAIN_API_KEY")headers = {"Authorization": f"Bearer {api_key}"}
response = requests.get( "https://api.finbrain.tech/v2/predictions/daily/AAPL", headers=headers)const API_KEY = process.env.FINBRAIN_API_KEY;
const response = await fetch( "https://api.finbrain.tech/v2/predictions/daily/AAPL", { headers: { "Authorization": `Bearer ${API_KEY}` } });export FINBRAIN_API_KEY="your_api_key_here"curl -H "Authorization: Bearer $FINBRAIN_API_KEY" \ "https://api.finbrain.tech/v2/predictions/daily/AAPL".env Files
Section titled “.env Files”For local development, use a .env file:
FINBRAIN_API_KEY=your_api_key_hereAdd .env to your .gitignore:
.envProduction Secrets
Section titled “Production Secrets”In production, use your platform’s secrets management:
- AWS: Secrets Manager or Parameter Store
- Google Cloud: Secret Manager
- Azure: Key Vault
- Heroku: Config Vars
- Vercel: Environment Variables
Additional Security Tips
Section titled “Additional Security Tips”- Never commit API keys to version control
- Don’t expose keys in client-side code - use a backend proxy
- Rotate keys periodically - especially after team member changes
- Use different keys for development and production
- Monitor usage - check for unexpected API call patterns
- Prefer header-based auth - query parameters can leak in server logs and browser history