OrbiSearch authenticates every request using an API key that you pass in the X-API-Key HTTP header. There are no OAuth flows or session tokens — just include your key on every request.
Get your API key
- Sign in to your OrbiSearch account.
- Go to Dashboard → API.
- Create a new key and copy it immediately — it will not be shown again.
Keep your API key secret. Do not include it in client-side code, public repositories, or anywhere that could expose it to unauthorized users. If a key is compromised, revoke it from the dashboard and create a new one.
Pass your key in requests
Include your API key in the X-API-Key header on every request:
curl "https://api.orbisearch.com/v1/[email protected]" \
-H "X-API-Key: YOUR_API_KEY"
YOUR_API_KEY with your actual key.
Authentication errors
If your key is missing or invalid, the API returns a 401 Unauthorized response:
{
"detail": "API key required in X-API-Key header"
}
- The
X-API-Key header is present on every request
- The key value is correct and has not been revoked
- There are no leading or trailing spaces in the key value
Rate limits
Each API key is rate-limited to 20 requests per second. If you exceed this limit, the API returns a 429 Too Many Requests response. Contact OrbiSearch if you need higher throughput. 
