All API requests require a Bearer token in the Authorization header.
Authorization: Bearer sig_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Prefix | Environment | Description |
|---|---|---|
| sig_live_ | Production | Live data, rate-limited per plan |
| sig_test_ | Test mode | Sandbox data, relaxed limits |
Keys are 48 hex characters after the prefix. Unrecognized prefixes are rejected with 401 before any database lookup.
Scopes
Each API key has one or more scopes that control what it can access:
| Scope | Grants Access To |
|---|---|
| search:read | Search and suggest endpoints |
| trademarks:read | Trademark, entity, reference, proceeding GET endpoints |
| events:read | Event stream endpoints |
| portfolios:manage | Portfolio, saved search, watch, alert CRUD |
| api-keys:manage | API key rotation and management |
Security Best Practices
Never expose your API key in client-side code, public repositories, or browser requests. Always make API calls from your server.
- Rotate keys regularly using the API key endpoints
- Use the minimum scopes needed for each key
- Set expiration dates on keys used for temporary integrations
- Monitor usage in the dashboard for unexpected patterns
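
The key format described above (a `sig_live_` or `sig_test_` prefix followed by 48 hex characters) is regular enough to scan for before code reaches a repository. The following is an added example, not code from this API or its vendor: a small scanner that classifies well-formed keys and reports redacted findings. The function names, the sample text and the acceptance of upper-case hex digits are assumptions.

```python
import re

# Format from the page: "sig_live_" or "sig_test_" followed by 48 hex characters.
# Assumption: hex digits may be upper or lower case (the page does not say).
KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_])(sig_(?:live|test)_)([0-9a-fA-F]{48})(?![0-9a-fA-F])"
)
ENVIRONMENTS = {"sig_live_": "production", "sig_test_": "test"}
PREFIX_LEN = len("sig_live_")  # both prefixes are 9 characters long


def classify_key(candidate):
    """Return 'production' or 'test' for a well-formed key, else None."""
    m = KEY_RE.fullmatch(candidate)
    return ENVIRONMENTS[m.group(1)] if m else None


def redact(key):
    """Keep prefix and last 4 characters so a finding can be traced without re-leaking the key."""
    return key[:PREFIX_LEN] + "*" * (len(key) - PREFIX_LEN - 4) + key[-4:]


def scan_text(text, filename="<input>"):
    """Return one finding per key-shaped string: file, line, environment, redacted key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({
                "file": filename,
                "line": lineno,
                "environment": ENVIRONMENTS[m.group(1)],
                "key": redact(m.group(0)),
            })
    return findings


# Constructed sample input; the key values are made up for this example.
SAMPLE = "\n".join([
    'API_URL = "https://api.example.invalid"',
    'KEY = "sig_live_' + "0123456789abcdef" * 3 + '"',
    "curl -H 'Authorization: Bearer sig_test_" + "ab12" * 12 + "'",
    "docs placeholder: sig_live_" + "x" * 48,   # not hex, so not reported
    "truncated: sig_live_abc123",                # too short, so not reported
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "sample.txt"):
        print(f"{f['file']}:{f['line']}: {f['environment']} key {f['key']}")
```

Run as a pre-commit hook or CI step, a non-empty result from `scan_text` is the signal to block the change and rotate the affected key.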