Authentication

Public API endpoints require token authentication.

Header format

Authorization: Bearer <token>

Example:

curl "$BASE_URL/api/public/v1/demos?limit=5&offset=0" \
  -H "Authorization: Bearer $TOKEN"

Recommended example env:

export BASE_URL="https://highlights-api.rankacy.com"
export TOKEN="rk_live_..."

Token safety checklist

Treat tokens like passwords.
Store tokens in a secret manager (not source control).
Rotate tokens regularly.
Revoke tokens immediately on leakage/suspicion.

Common auth failures

401 Unauthorized

Missing token:

{"detail": "API token missing"}

Invalid token:

{"detail": "Invalid API token"}

403 Forbidden

Revoked token:

{"detail": "API token revoked"}

Also returned when the token is valid but does not own the requested resource.

Python examples

`requests`

import requests

base_url = "https://highlights-api.rankacy.com"
token = "rk_live_..."

resp = requests.get(
    f"{base_url}/api/public/v1/demos",
    headers={"Authorization": f"Bearer {token}"},
    timeout=30,
)
resp.raise_for_status()
print(resp.json())

`httpx`

import httpx

base_url = "https://highlights-api.rankacy.com"
token = "rk_live_..."

with httpx.Client(timeout=30) as client:
    resp = client.get(
        f"{base_url}/api/public/v1/demos",
        headers={"Authorization": f"Bearer {token}"},
    )
    resp.raise_for_status()
    print(resp.json())

Keys	Action
`?`	Open this help
`n`	Next page
`p`	Previous page
`s`	Search