Authentication

Coming soon. API access (including key generation) isn’t open to the public yet — it will be available in the near future.

The Skylit Public API uses bearer authentication. Send your API key in the Authorization header on every request:

Authorization: Bearer <your-api-key>

X-API-Key: <your-api-key> is also accepted if a bearer header is inconvenient.

Treat API keys like passwords. Never commit them to source control or expose them in client-side code. Use environment variables and rotate keys if one leaks.

Getting a key

Generate and manage keys from your account console. New accounts are seeded with 5,000 credits.

curl "https://api.skylit.ai/v1/heatmap?symbols=SPY" \
  -H "Authorization: Bearer $SKYLIT_API_KEY"

Credits

Every chargeable request debits a fixed cost from your credit balance.

Endpoint	Cost
`/v1/heatmap`	1
`/v1/historical`	5
`/v1/stream`	1 per minute open
`/v1/openapi.json`	0

Every chargeable response carries X-Credits-Remaining: <balance>.

402 insufficient_credits

You’re out of credits. Top up in the account console.

403 account_suspended

The account has been administratively suspended.

Rate limits

A safety ceiling of 600 requests / minute is enforced by the Skylit gateway and surfaced via X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. This is runaway protection, not your quota — credit metering does the per-customer accounting.

Status	Meaning
`401 Unauthorized`	Missing or invalid API key.
`403 Forbidden`	Key revoked/expired, or account suspended.
`429 Too Many Requests`	Rate ceiling hit — back off using `Retry-After`.

Make your first call

Jump to GET /v1/heatmap and try it live in the playground.

​Getting a key

​Credits

​Rate limits

Make your first call

Getting a key

Credits

Rate limits