To obtain your API key, sign in to Enigma Public, then click your initials at the top right of the Enigma Public screen and choose Account Settings.

The API server authenticates all requests made to the API. Since anonymous API calls are severely rate-limited, each API request should include a bearer token (API key) or a valid session cookie. A token is required for calls to the /export/ and /personal-collections/ endpoints.

To avoid interception of authentication tokens, send all API requests over TLS-protected connections.

Using a bearer token (API key)

When using bearer tokens, each API request must include an Authorization header in the following format:

Authorization: Bearer <APIKEY>

For example:

$ curl -X GET '' \
       -H 'Authorization: Bearer ABCwnldPbOkLjV9lLGFfb8MctvIDmId6Zxyz'

If the authorization header is missing or is improperly formatted, the API returns an HTTP response with status code 401 Unauthorized and a JSON-encoded auth_required error.
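The header format, TLS requirement and 401 handling described above, as an added Python example (not Enigma's own code). The base URL, the ENIGMA_API_KEY variable name and the layout of the auth_required JSON body are assumptions, since this page does not give them.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Placeholder base URL: the real API host is not given on this page.
BASE_URL = "https://api.example.invalid"


def key_from_env(var="ENIGMA_API_KEY"):
    """Read the key from the environment (hypothetical variable name)
    so it is never hard-coded in scripts or committed to a repository."""
    key = os.environ.get(var, "").strip()
    if not key:
        raise RuntimeError(var + " is not set")
    return key


def build_request(path, api_key, base_url=BASE_URL):
    """Return a GET request carrying the bearer token, HTTPS only."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        # Plain HTTP would expose the token to anyone on the network path.
        raise ValueError("refusing to send API key over non-TLS URL: " + url)
    if not api_key or any(c.isspace() for c in api_key):
        # Whitespace or CR/LF would malform the header or inject another one.
        raise ValueError("API key is empty or contains whitespace")
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + api_key}, method="GET")


def is_auth_required(status, body):
    """True for the 401 / auth_required response described above.

    Assumption: the error name appears somewhere in the JSON body; the
    exact field layout is not documented on this page.
    """
    if status != 401:
        return False
    try:
        return "auth_required" in json.dumps(json.loads(body))
    except (ValueError, TypeError):
        return False
```

Pass the result of build_request to urllib.request.urlopen to send it; on failure, urllib raises HTTPError, whose code and body can be handed to is_auth_required.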

To obtain your API key through the API, sign in to the API server using the POST /account/login endpoint. Your API key is included in the response. You can also get your API key through the Enigma Public user interface by clicking your initials at the top right of the screen and choosing Account Settings.

Session-based authentication uses a cryptographically secure cookie to store authentication and user data. To obtain a session cookie, sign in to the API server using the POST /account/login endpoint. The cookie is included in the response headers. See POST /account/login for usage information and examples.