Authentication
All API requests require a valid API key passed as a Bearer token in theAuthorization header.
Bearer Token
Include your API key in every request using the Authorization header:
Header
Authorization: Bearer gtm_live_your_key
cURL Example
curl -X POST https://api.gtmdata.co/v1/validate \
-H "Authorization: Bearer gtm_live_your_key" \
-H "Content-Type: application/json" \
-d '{"email":"test@example.com"}'How to Get Your Key
1. Sign up or log in at app.gtmdata.com.
2. Go to Settings → API Keys.
3. Click Create Key. Your key will start with gtm_live_.
4. Copy and store the key securely. It will only be shown once.
Warning: Never expose your API key in client-side code, public repos, or frontend bundles. Use environment variables and server-side requests only.
Error Codes
| Status Code | Meaning | What to Do |
|---|---|---|
| 401 Unauthorized | Missing or invalid API key | Check that your Authorization header includes a valid key starting with gtm_live_ |
| 402 Payment Required | Insufficient credits | Purchase more credits or upgrade your plan at app.gtmdata.com |
| 429 Too Many Requests | Rate limit exceeded | Back off and retry after the time indicated in the Retry-After header |
Rate Limit Headers
Every response includes rate limit headers so you can monitor your usage:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
Retry-After | Seconds to wait before retrying (only on 429) |