All API requests require an API key. You can generate one from your API Keys page.
Keys follow the format cur_live_xxxxxxxxxxxx.
Authentication methods
There are two ways to authenticate. Both are equivalent — use whichever fits your HTTP client.
Bearer token (recommended)
Pass your key in the Authorization header:
Authorization: Bearer cur_live_xxxxxxxxxxxx
X-API-Key header:
X-API-Key: cur_live_xxxxxxxxxxxx
Full example
curl -X POST https://api.getcurrent.ca/v1/search \
-H "Authorization: Bearer cur_live_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"name": "Acme Corp"}'
Security best practices
Never expose your API key in client-side code, public repositories, or logs.
- Store keys in environment variables, not hardcoded in source files
- Use secrets managers (AWS Secrets Manager, HashiCorp Vault, Vercel env vars) in production
- Rotate keys immediately if you suspect compromise — generate a new key on the API Keys page
Error responses
| Status | Meaning |
|---|
401 Unauthorized | Key is missing, invalid, or revoked |
403 Forbidden | Key is valid but lacks permission for this operation |
{ "error": "Invalid API key" }
