Authentication

Authentication

All requests to the Guardis API require authentication using your API key. The method for including your key varies depending on the protocol you're using.

Don't have an API key yet? Contact us at [email protected] to request access.

REST API

For all REST requests, include your API key in the X-API-Key header.

Header format:

X-API-Key: your_api_key_here

Example request:

curl -X GET "https://enterprise.guardis.io/v1/endpoint" \
  -H "X-API-Key: your_api_key_here"

WebSocket

For WebSocket connections, include your API key as a query parameter when establishing the connection.

Connection format:

wss://api.guardis.io/v1/ws?api_key=your_api_key_here

Example (JavaScript):

const socket = new WebSocket(
  "wss://enterprise.guardis.io/v1/market-data/ws?api_key=your_api_key_here"
);

gRPC

For gRPC requests, include your API key in the request metadata using the x-api-key field.

Metadata format:

Example (Python):

import grpc

metadata = [("x-api-key", "your_api_key_here")]

with grpc.secure_channel("enterprise.guardis.io:443", grpc.ssl_channel_credentials()) as channel:
    stub = GuardisServiceStub(channel)
    response = stub.GetMarketData(request, metadata=metadata)

Example (Go):

ctx := metadata.AppendToOutgoingContext(
    context.Background(),
    "x-api-key", "your_api_key_here",
)

response, err := client.GetMarketData(ctx, request)

Keeping Your API Key Secure

Your API key grants access to your Guardis account and usage quota. Treat it like a password.

• Never expose your key in client-side code — API calls should be made from your backend

• Don't commit keys to version control — Use environment variables or a secrets manager

• Rotate keys if compromised — Contact [email protected] immediately if you suspect your key has been exposed

Authentication Errors

If your API key is missing, invalid, or expired, you'll receive an error response.

See the Errors section for full details on error handling.