Authentication
All MarketPulse API requests require Bearer tokens. This guide explains how to issue, store, and use tokens when your frontend talks directly to self-hosted services.
API Tokens
API tokens are generated from your dashboard. Each token is tied to your account and inherits the rate limits and permissions your own backend assigns to that account.
Token Format
Tokens are prefixed with mp_live_ for production and mp_test_ for sandbox environments.
Using Tokens
Include your API token in the Authorization header using Bearer authentication:
# HTTP Header
Authorization: Bearer mp_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ123456
Code Examples
JavaScript / Node.js
const response = await fetch(
'https://api.marketpulse.io/v1/quotes/latest',
{
headers: {
'Authorization': 'Bearer ' + API_TOKEN,
'Content-Type': 'application/json'
}
}
);
const data = await response.json();Python
import requests
headers = {
'Authorization': f'Bearer {API_TOKEN}',
'Content-Type': 'application/json'
}
response = requests.get(
'https://api.marketpulse.io/v1/quotes/latest',
headers=headers
)
data = response.json()cURL
curl -X GET "https://api.marketpulse.io/v1/quotes/latest" \ -H "Authorization: Bearer YOUR_API_TOKEN" \ -H "Content-Type: application/json"
Frontend Storage Notes
- Use browser-held tokens intentionally. For this static-first frontend, tokens may be stored in the browser for dashboard and docs playground usage.
- Never bake tokens into static assets. Keep tokens out of source control, HTML, and public JavaScript bundles.
- Rotate tokens regularly. Generate new tokens periodically and revoke old ones.
- Restrict origins and scope on the backend. The frontend can be static, but your backend should still enforce CORS, scope, and rate limits.
Next up
Quotes API