DOCS
Authentication
Every request is authenticated with a single secret API key.
tickstream uses a single secret API key per account. Pass it as a Bearer token on
REST requests, or as a key query parameter when opening a WebSocket.
Your key
Find and manage your key in the dashboard. Keys are prefixed
sk_live_ and grant full access to your plan — keep them server-side and never commit
them to source control.
REST requests
Authorization: Bearer sk_live_…curl https://api.tick-stream.xyz/v1/quote?symbol=ES \
-H "Authorization: Bearer sk_live_…"WebSocket connections
wss://stream.tick-stream.xyz/v1?key=sk_live_…&symbols=ES# or send it as a header on the upgrade request
Authorization: Bearer sk_live_…Passing the key in the URL is convenient for quick tests, but the header form is preferred in production so the secret doesn't end up in logs or proxies.
Rotating a key
If a key leaks, rotate it from the dashboard with one click. The old key stops working immediately, so update your services first. tickstream supports one active key per account today — need multiple scoped keys? Tell us.
Auth errors
| Status | Meaning |
|---|---|
401 | Missing or invalid API key. |
402 | No active subscription for the requested data. |
403 | Key valid, but your plan doesn't include this symbol or feed (e.g. options on a non-Pro plan). |
See Limits & errors for the full error model.