Skip to main content
The Insighthread News API authenticates all requests using API keys passed as Bearer tokens. You’ll receive your API key when you sign up for API access — there are no OAuth flows or rotating credentials to manage. Every request must include a valid key; unauthenticated requests are rejected immediately.

Getting Your API Key

API keys are issued as part of your enterprise onboarding. To request access, contact the Insighthread sales team at insighthread.com/newsapi. Once your agreement is in place, your API key will be delivered via the developer portal or directly by the Insighthread team.
If you need additional API keys — for example, to isolate production and staging environments — contact your account manager. Multi-key configurations are supported under enterprise plans.

Making Authenticated Requests

Pass your API key in the Authorization header using the Bearer scheme on every request:
Authorization: Bearer YOUR_API_KEY
Replace YOUR_API_KEY with the key provided during onboarding. The following examples show authenticated requests across common HTTP clients:
curl https://api.insighthread.com/v1/events \
  -H "Authorization: Bearer YOUR_API_KEY"
import httpx

client = httpx.Client(
    base_url="https://api.insighthread.com/v1",
    headers={"Authorization": "Bearer YOUR_API_KEY"}
)
response = client.get("/events")
const client = {
    baseURL: "https://api.insighthread.com/v1",
    headers: { "Authorization": "Bearer YOUR_API_KEY" }
};

const response = await fetch(`${client.baseURL}/events`, {
    headers: client.headers
});

Authentication Errors

If your request is rejected due to an authentication problem, the API returns one of the following HTTP status codes:
Status CodeMeaning
401 UnauthorizedAPI key is missing from the request or is not a valid key
403 ForbiddenAPI key is valid but does not have permission to access this resource
429 Too Many RequestsYour key has exceeded its rate limit; back off and retry
All error responses include a JSON body with an error field describing the problem. See Response Schema for the full error response format.
Keep your API key secret. Never expose it in client-side JavaScript, mobile app bundles, public repositories, or any environment where it could be read by unauthorized parties. If you believe your key has been compromised, contact your account manager immediately for a rotation.
Store your API key in an environment variable rather than hardcoding it in your source code:
export INSIGHTHREAD_API_KEY="your_key_here"
Then reference it in your code with os.environ["INSIGHTHREAD_API_KEY"] (Python) or process.env.INSIGHTHREAD_API_KEY (Node.js).