A bearer token (commonly an API key) is a secret credential sent in an HTTP request's Authorization header — as `Authorization: Bearer <key>` — to authenticate the caller and authorize access to an API or MCP server.
Whoever holds ("bears") the token gets the access, so it must be kept secret and sent over HTTPS. The server checks the key on each request, identifies the account, and applies its permissions and usage metering.
A single key that unlocks every dataset across both REST and MCP is the practical meaning of "one key to the world's market data."
`curl -H "Authorization: Bearer ark_live_…" https://arkolith.com/api/v1/funds` authenticates with a bearer token.
Mint one Arkolith key and the same bearer token works across the REST API and the MCP server, with credits metered per call.
Arkolith turns this into live, sourced data your agent can query — SEC filings, insider activity, and market data behind one key, every datapoint traceable to its origin.