Authentication - StockContext

Send your key on every REST request in the X-API-Key header.

curl "https://api.stockcontext.com/v2/snapshot?symbol=AAPL" \
  -H "X-API-Key: $STOCKCONTEXT_API_KEY"

Use exactly that header name. There is no Authorization: Bearer path for REST, and the hosted MCP server authenticates with the same X-API-Key header.

Keys

Keys start with the sctx_ prefix. Create and revoke them at the dashboard.

The raw secret is shown once, at creation. Copy it before you close the dialog. StockContext cannot show it again.
Keys do not expire on their own. They stay valid until you revoke them.
Revocation takes effect within about a minute. After that, the key returns UNAUTHORIZED.

Keep keys server-side. Do not ship them in browser bundles, mobile binaries without a backend broker, public repos, logs, screenshots, support threads, or model prompts. A leaked sctx_ secret can call your whole quota until you revoke it.

When a key fails

A missing, malformed, or revoked key returns HTTP 401 with UNAUTHORIZED:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid X-API-Key header.",
    "retryable": false
  }
}

This is not retryable. Retrying with the same key wastes requests against your rate limit. Fix the header, swap in a live key, or create a new one. For the full status-and-retry table, see error codes.

SEC analyst core catalog Plans and limits

⌘I

​Keys

​When a key fails

Keys

When a key fails