Authentication

All API requests require authentication. The CaneToad API uses API tokens for authentication, providing secure access to your data.

Getting an API Token

Using Your Token

You can include your API token in requests using one of two methods:

Authorization Header (Recommended)

Include your token in the Authorization header with the Bearer prefix:

curl -H "Authorization: Bearer ct_your_token_here" \
  https://api.canetoad.ai/api/v1/companies

const response = await fetch('https://api.canetoad.ai/api/v1/companies', {
  headers: {
    'Authorization': 'Bearer ct_your_token_here'
  }
});

import requests

response = requests.get(
    'https://api.canetoad.ai/api/v1/companies',
    headers={'Authorization': 'Bearer ct_your_token_here'}
)

Query Parameter

For use with spreadsheet applications (Google Sheets, Excel), you can include your token as a query parameter:

https://api.canetoad.ai/api/v1/companies?api_key=ct_your_token_here

Token Security

Follow these best practices to keep your tokens secure:

• Never share your API tokens publicly or commit them to version control
• Rotate tokens periodically and revoke unused tokens
• Use separate tokens for different applications
• Store securely using environment variables or secret managers

Managing Tokens

You can manage your tokens at any time from your API Tokens settings page:

• View all active tokens and their last usage
• Create new tokens with descriptive names
• Revoke tokens that are no longer needed

Token Format

All CaneToad API tokens follow this format:

ct_[base64url-encoded-random-string]

Example: ct_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8s9T0u1V2

The ct_ prefix makes it easy to identify CaneToad tokens and prevent accidental exposure.

Subscription Requirements

An active subscription is required to use the API. If your subscription expires:

• API requests will return a 403 Forbidden error
• Error code: SUBSCRIPTION_REQUIRED
• Renew your subscription at canetoad.ai/pricing