Authentication

Every request, REST or MCP, is authenticated with a single bearer API key. One key carries your wallet and works across both surfaces.

API keys#

Mint a key at arkolith.com/connect. It's free, needs no card, and your wallet starts with 1,000 credits/month. Keys look like ak_live_… and are shown once at creation, so store it somewhere safe. You can mint, name, and revoke keys from your account.

The Authorization header#

Pass the key as a bearer token on every request:

http
Authorization: Bearer YOUR_API_KEY

REST:

bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://arkolith.com/api/v1/funds

MCP (Claude Code), where the key is stored with the server connection:

bash
claude mcp add --transport http arkolith https://arkolith.com/api/mcp \
  --header "Authorization: Bearer YOUR_API_KEY"

Rate limits#

SurfaceLimitNotes
REST /api/v1300 req/min per key120 req/min per IP pre-auth
MCP /api/mcp240 req/min per keyJSON-RPC batch up to 25 ops

Over the limit returns 429. See Errors for the full table and how unauthenticated / out-of-credit responses are shaped (they include the URL to fix it).

Discovery is free#

You don't need a key to discover what's available. The MCP tools/list method, the public catalog at /api/mcp/catalog, the OpenAPI spec, and /.well-known/mcp.json are all open. Only tools/call and the REST data endpoints require a key and spend credits.

If a key leaks
Revoke it from your account and mint a new one. Revocation is instant. Treat keys like passwords: header-only, never in client-side code or a public repo.
← Previous
Quickstart
Next →
Credits & pricing