Authentication
Every /v3 endpoint except /v3/health and /v3/ready requires a bearer token.
Getting a key
Every Dato Capital account comes with an API key — there's no separate API signup. The free plan is enough to explore:
- Create a free Dato Capital account (or sign in if you already have one).
- Visit api.datocapital.com/dashboard. The shared session cookie carries over, so you land authenticated.
- Copy your live key from the API keys panel.
Already signed in? Jump straight to your dashboard.
Sending a request
curl -H "Authorization: Bearer dc_live_..." \
"https://api.datocapital.com/v3/whoami"Live vs test keys
Each user has two keys, distinguished by prefix and stored separately on the server:
dc_live_…— production key, hits real data.dc_test_…— test key (same data; treat as test-tagged for your auditing). Today both keys read the same backend; the distinction lives in the audit log so you can filter dev calls out of usage analytics.
The auth resolver echoes key_mode on /v3/whoami so you can confirm which one you're using.
Errors
| HTTP | type | meaning |
|---|---|---|
401 | missing-credentials | No Authorization header. |
401 | invalid-credentials | Header was present but the key didn't resolve. |
403 | plan-insufficient | Resolved key is on a plan below the endpoint's gate. X-Required-Plan response header carries the plan code that unlocks the endpoint. |
429 | rate-limited | Per-user-minute window exceeded. Retry-After in seconds; X-RateLimit-{Limit,Remaining,Reset} on every response. |
Try it
The interactive playground stores your key in localStorage (browser-side only — we never see the token in transit unless you fire a request). Open the API reference and paste the key into the auth field at the top.