Authentication

All API endpoints (except /v1/health) require an API key passed in the X-API-Key header.

Getting a key

Using your key

Include the key in every request:

curl -H "X-API-Key: gld_your_key_here" \
  "https://api.gildea.ai/v1/signals?q=test"

Tiers

Tier	Rate limit	Monthly limit	Features
Free	5 req/min	200/month	All read endpoints
Pro	30 req/min	2,000/month	All read endpoints + hybrid search
Team	120 req/min	10,000/month	All read endpoints + hybrid search

Error responses

An invalid, revoked, or expired API key returns 401:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key",
    "status": 401
  }
}

If the X-API-Key header is omitted entirely, FastAPI returns 422 (missing required header). If the header is present but the key is invalid, the API returns 401.

Security

Keys are hashed with SHA-256 before storage — we never store plaintext keys
Keys can be revoked instantly from your dashboard
All requests are logged for usage tracking

Getting Started

Core Concepts

Guides

Getting a key

Using your key

Tiers

Error responses

Security

Getting Started

Core Concepts

Guides

​Getting a key

​Using your key

​Tiers

​Error responses

​Security

Getting a key

Using your key

Tiers

Error responses

Security