Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.oathnet.org/llms.txt

Use this file to discover all available pages before exploring further.

API Key Authentication

All customer-facing OathNet API endpoints use API-key authentication. Include your key in the x-api-key header on every request.
IMPORTANT: The header name must be lowercase: x-api-key

Getting Your API Key

1

Sign In

Go to oathnet.org and sign in.
2

Open Account Settings

Go to Dashboard > Account.
3

Copy the Key

Store it securely. Do not embed it in client-side code.

Get Your API Key

Open the dashboard account page

Using Your API Key

curl -X GET "https://oathnet.org/api/service/v2/breach/search?q=test" \
  -H "x-api-key: YOUR_API_KEY"

Using the Playground

1

Open an Endpoint

Navigate to a reference page such as V2 Breach Search.
2

Enter the Key

Expand the authorization panel in the playground and paste the API key.
3

Send a Request

Fill in the parameters and execute the request.
Your API key is stored locally in the browser and is only sent directly to the API server.

Authentication Errors

401 Unauthorized

Returned when the API key is missing or invalid.

403 Forbidden

Returned when the request is authenticated but the account lacks quota or plan access for that endpoint.

Security Best Practices

Keep the API key in an environment variable or secret manager instead of hardcoding it.
Do not expose the key in frontend bundles, browser code, or public repositories.
Review usage in the dashboard if you suspect overuse, leakage, or a quota anomaly.

Next Steps

Quickstart

Make your first request

Error Handling

Handle auth and quota failures correctly