Authentication
The GSE Data API uses API key authentication. Every request must include your key in the X-API-Key HTTP header.
Sending your key
http
1GET /v1/stocks HTTP/1.1
2Host: api.usevalley.xyz
3X-API-Key: live_your_key_hereThere is no OAuth flow, no bearer token exchange, and no session cookie — just the header on every request.
Key format
Keys are issued in the format:
Example: live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6
Managing keys
Go to the Developer Portal to:
- Generate a new key (with a descriptive label)
- View all your active keys and their usage counters
- Revoke a key instantly if it is compromised
Keys are hashed with SHA-256 before storage. The raw key is shown only once at creation — store it securely.
Error responses
| HTTP Status | Meaning |
|---|---|
401 Unauthorized | X-API-Key header is missing or the key does not exist |
401 Unauthorized | The key has been revoked (is_active: false) |
429 Too Many Requests | Rate limit exceeded — see Rate limits |