v1.0.0Changelog

Authentication

The Darta API uses API key authentication. All requests must include a valid API key in the Authorization header.

API Key Authentication

All API requests must be authenticated using a Bearer token in the Authorization header:

Authentication header
Authorization: Bearer YOUR_API_KEY

Keep Your API Key Secret

Never expose your API key in client-side code, public repositories, or logs. Always use environment variables or secure credential management.

Getting Your API Key

To get your API key:

  1. Sign up for a Darta account at darta.dev
  2. Navigate to your dashboard
  3. Go to the API Keys section
  4. Click "Create New API Key"
  5. Give your key a descriptive name
  6. Copy and securely store your API key

API Key Format

API keys start with darta_ followed by a unique identifier.

Making Authenticated Requests

Here are examples of how to include your API key in requests:

cURL

Authenticated cURL request
curl -X POST https://darta.dev/api/search \
  -H "Authorization: Bearer darta_1234567890abcdef" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "wireless headphones",
    "platforms": ["amazon"]
  }'

JavaScript

JavaScript with fetch
const response = await fetch('https://darta.dev/api/search', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer darta_1234567890abcdef',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    query: 'wireless headphones',
    platforms: ['amazon']
  })
});

const data = await response.json();

Python

Python with requests
import requests

headers = {
    'Authorization': 'Bearer darta_1234567890abcdef',
    'Content-Type': 'application/json'
}

payload = {
    'query': 'wireless headphones',
    'platforms': ['amazon']
}

response = requests.post(
    'https://darta.dev/api/search',
    headers=headers,
    json=payload
)

Environment Variables

Always store your API key in environment variables for security:

.env File

.env
DARTA_API_KEY=darta_1234567890abcdef

Using Environment Variables

Node.js example
// Load environment variables
require('dotenv').config();

const apiKey = process.env.DARTA_API_KEY;

const response = await fetch('https://darta.dev/api/search', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    query: 'wireless headphones',
    platforms: ['amazon']
  })
});

API Key Management

You can manage your API keys from the dashboard:

🔑 Multiple API Keys

Create multiple API keys for different applications or environments (development, staging, production).

🏷️ Key Naming

Give your API keys descriptive names to easily identify their purpose (e.g., "Production App", "Development", "Mobile App").

🔄 Key Rotation

Regularly rotate your API keys for security. Create a new key before deleting the old one to avoid downtime.

📊 Usage Monitoring

Monitor API key usage in the dashboard to track consumption and identify unusual activity.

Rate Limits

API keys are subject to rate limits based on your subscription plan:

PlanRequests/HourRequests/DayConcurrent
Free1001,0002
Starter1,00010,0005
Professional5,00050,00010
EnterpriseCustomCustomCustom

Rate limits are enforced per API key. If you exceed your limits, you'll receive a 429 status code.

Error Responses

Authentication-related errors will return specific status codes:

401Unauthorized

Missing or invalid API key

401 Response
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key provided"
  }
}
429Rate Limited

Too many requests

429 Response
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded. Try again in 3600 seconds.",
    "retry_after": 3600
  }
}
403Forbidden

Insufficient credits or permissions

403 Response
{
  "error": {
    "code": "insufficient_credits",
    "message": "Not enough credits to complete this request",
    "credits_required": 10,
    "credits_available": 5
  }
}

Best Practices

✅ Do

  • • Store API keys in environment variables
  • • Use different keys for different environments
  • • Implement proper error handling for auth failures
  • • Monitor your API usage regularly
  • • Rotate keys periodically

❌ Don't

  • • Hardcode API keys in your source code
  • • Commit API keys to version control
  • • Share API keys between team members
  • • Use production keys in development
  • • Ignore rate limit responses

Need Help?

If you're having trouble with authentication, check our error handling guide or contact support.