Authentication

API Key Authentication

Every request must include a valid API key passed as the api_key query parameter. Keys are issued through insight.apeek.io.

Passing your key

Append api_key to the query string of every request:

GET /api/v1/economic-data/ui_weekly_claims?series=initial_claims_sa&date_from=2025-01-01&date_to=2026-01-01&api_key=your_api_key_here

If the key is missing, empty, invalid, or revoked, the API returns 401 Unauthorized:

{"detail": {"error": "invalid_api_key", "revoked": false}}

When a previously valid key has been revoked, the response includes "revoked": true.

Rate limits

Each API key is subject to the following rate limits:

• 100 requests per minute
• 10,000 requests per day

When a limit is exceeded the API returns 429 Too Many Requests with details about the remaining quota and reset timers:

{
  "detail": {
    "error": "minute_limit_exceeded",
    "minute_remaining": 0,
    "minute_reset": 42,
    "day_remaining": 120,
    "day_reset": 36000
  }
}

Rate limit response fields

• error — Either minute_limit_exceeded or day_limit_exceeded
• minute_remaining — Requests remaining in the current minute window
• minute_reset — Seconds until the per-minute window resets
• day_remaining — Requests remaining in the current daily window
• day_reset — Seconds until the daily window resets

Security best practices

• Never expose your API key in client-side code or public repositories.
• Store your key in environment variables or a secrets manager.
• Rotate your key immediately at insight.apeek.io if you suspect it has been compromised.
• Keep requests server-side. Avoid embedding the key in browser JavaScript or mobile apps.