Skip to main content
Menu

Get started

Authentication

API keys authenticate partner requests today. OAuth 2.1 and scoped tokens are on the roadmap.

API keys

Pass your secret as a bearer token on every request. Keys are created and revoked from your dashboard. The secret is shown once at creation — store it somewhere safe; we only keep a hash.

bash
Authorization: Bearer ak_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Verify which key is calling and what it can do with GET /v1/me.

Anonymous access

Read endpoints accept unauthenticated requests at the anonymous rate tier (keyed by IP). A valid key lifts you to the partner tier. See rate limits.

Scopes

Keys carry read scopes, checked when a key is present:

  • properties:read
  • guides:read
  • clubs:read
  • fly_shops:read
  • availability:read

Roadmap — OAuth 2.1 & M2M

For apps acting on behalf of AnglerPass users we will add OAuth 2.1 (authorization-code + PKCE) with granular scopes, plus client-credentials for machine-to-machine partners and short-lived JWT access tokens. API keys remain supported for server-to-server integrations.