Authentication
The QuantConomy API authenticates requests with API keys. Send your key as a
Bearer token, and the API resolves your account, plan, rate limits and credit
balance from it. Every endpoint requires a key — there is no anonymous
access. To try the API before signing up, use the public demo key mtk_demo
(see Demo key below). Only GET / and GET /health are open.
API key format
Section titled “API key format”Keys are prefixed with mtk_ followed by 44 random characters:
mtk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxThe first 12 characters (for example mtk_a1b2c3d4) are the key prefix,
which is what dashboards and the API show to help you identify a key. The full
secret is shown only once, at creation time — it is never returned again.
Demo key
Section titled “Demo key”Want to try the API before signing up? Use the public demo key:
mtk_demoIt authenticates as a shared demo account so you can call the data endpoints immediately — meant for evaluation, not production. It is free to use, but intentionally limited:
- Shared, auto‑refilling credit budget — demo calls cost the same
per‑endpoint credits as a real account, but they draw from a single pooled
budget of about 100 credits per hour shared across all demo callers. The
bucket refills every hour. When it is empty you get 402
INSUFFICIENT_CREDITSuntil the next refill — switch to your own key for a dedicated balance. - Full read access, including SEC datasets, so you can explore the whole surface.
- Capped at 3 results per request — list endpoints return at most 3
items. Requesting
limitgreater than 3 returns 400BAD_REQUEST(it is not silently trimmed). - No pagination —
cursor,offset, andpageare rejected with 400BAD_REQUEST. You cannot page beyond the first 3 results. - Shared, globally rate‑limited — every demo caller draws from one common per‑key rate‑limit bucket (about 240 requests/minute total), so it can be throttled when busy.
- No key management — it cannot create or manage API keys.
When you are ready for real usage, create your own key at app.quantconomy.com for your own credits, rate limits, full result sets, pagination, and plan features.
Sending your key
Section titled “Sending your key”Pass the full key in the Authorization header on every request:
Authorization: Bearer mtk_your_key_herecurl "https://api.quantconomy.com/api/v1/entries?limit=5" \ -H "Authorization: Bearer mtk_your_key_here"const res = await fetch( 'https://api.quantconomy.com/api/v1/entries?limit=5', { headers: { Authorization: 'Bearer mtk_your_key_here' } });const body = await res.json();import requests
res = requests.get( 'https://api.quantconomy.com/api/v1/entries', params={'limit': 5}, headers={'Authorization': 'Bearer mtk_your_key_here'},)body = res.json()Every endpoint except GET / and GET /health requires a key. A missing or
malformed Authorization header returns 401 Unauthorized, and a key that is
unknown, revoked or expired also returns 401. The demo key mtk_demo
satisfies this requirement.
Creating keys in the dashboard
Section titled “Creating keys in the dashboard”The simplest way to get a key:
- Sign in at app.quantconomy.com.
- Open Account → API Keys.
- Create a key, give it a descriptive name, and (optionally) an expiration date.
- Copy the full
mtk_...value immediately — it is shown only once.
Managing keys programmatically
Section titled “Managing keys programmatically”Once you have one key, you can manage the rest over the API. These
/account/api-keys endpoints are free (0 credits) and require an existing
valid key.
Create a key
Section titled “Create a key”POST /account/api-keys — the response includes the full apiKey value
once; store it securely.
curl -X POST https://api.quantconomy.com/api/v1/account/api-keys \ -H "Authorization: Bearer mtk_your_key_here" \ -H "Content-Type: application/json" \ -d '{ "name": "My Trading Bot" }'const res = await fetch( 'https://api.quantconomy.com/api/v1/account/api-keys', { method: 'POST', headers: { Authorization: 'Bearer mtk_your_key_here', 'Content-Type': 'application/json', }, body: JSON.stringify({ name: 'My Trading Bot' }), });const { data } = await res.json();console.log(data.apiKey); // full key — shown only onceimport requests
res = requests.post( 'https://api.quantconomy.com/api/v1/account/api-keys', headers={'Authorization': 'Bearer mtk_your_key_here'}, json={'name': 'My Trading Bot'},)data = res.json()['data']print(data['apiKey']) # full key — shown only onceThe optional expiresAt field (ISO 8601, for example 2025-12-31T23:59:59.000Z)
makes the key stop working after that date. Custom key expiration is a
Professional+ feature.
List your keys
Section titled “List your keys”GET /account/api-keys returns each key’s id, name, keyPrefix,
isActive, expiresAt, lastUsedAt and createdAt. The full secret is never
included — only the prefix.
curl https://api.quantconomy.com/api/v1/account/api-keys \ -H "Authorization: Bearer mtk_your_key_here"const res = await fetch( 'https://api.quantconomy.com/api/v1/account/api-keys', { headers: { Authorization: 'Bearer mtk_your_key_here' } });const { data } = await res.json();import requests
res = requests.get( 'https://api.quantconomy.com/api/v1/account/api-keys', headers={'Authorization': 'Bearer mtk_your_key_here'},)data = res.json()['data']Revoke a key
Section titled “Revoke a key”DELETE /account/api-keys/:id deactivates a key by its id (the UUID, not the
prefix). It stops working immediately.
curl -X DELETE \ https://api.quantconomy.com/api/v1/account/api-keys/THE_KEY_ID \ -H "Authorization: Bearer mtk_your_key_here"await fetch( `https://api.quantconomy.com/api/v1/account/api-keys/${keyId}`, { method: 'DELETE', headers: { Authorization: 'Bearer mtk_your_key_here' }, });import requests
requests.delete( f'https://api.quantconomy.com/api/v1/account/api-keys/{key_id}', headers={'Authorization': 'Bearer mtk_your_key_here'},)Demo key vs your own key
Section titled “Demo key vs your own key”A key is always required. The free demo key lets you explore the API; your own key unlocks full results, pagination, a dedicated credit balance, and your plan’s higher rate limits.
Demo key (mtk_demo) | Your own key (mtk_ key) | |
|---|---|---|
| List results | Capped at 3 per list (400 if you ask for more) | Up to your plan’s limit |
| Pagination | Not available (400 on cursor/offset/page) | Cursor pagination supported |
| Extended metadata | Included | Included |
| SEC filing data | Included | Available on Starter+ |
| Credits | Same per‑endpoint cost, drawn from a shared ~100/hour pooled bucket (402 when empty) | Deducted from your own balance |
| Rate limit | Shared demo bucket (~240/min total across all demo callers) | Per‑key, by plan |
When you are ready for real usage, create your own key — you get full results, pagination, your own credit balance, SEC datasets (on a qualifying plan), and your plan’s higher rate limits. See Plans & credits and Rate limits for the numbers.
Security best practices
Section titled “Security best practices”- Never expose keys client‑side. API keys are secrets. Keep them server‑side or in environment variables — never ship them in browser, mobile, or public‑repo code.
- One key per application or environment. Separate keys make it easy to
revoke a single compromised integration without disrupting the others, and the
lastUsedAtfield helps you spot unused or leaked keys. - Rotate regularly. Create a new key, deploy it, then revoke the old one.
Set
expiresAtto force rotation where your plan supports it. - Revoke immediately if a key is leaked. Revocation takes effect at once.
Maximum keys per plan
Section titled “Maximum keys per plan”Each plan caps how many active API keys you can hold:
| Plan | Max API keys |
|---|---|
| Free | 2 |
| Starter | 5 |
| Professional | 20 |
| Enterprise | 100 |