Back to Docs

Authentication

Authentication

API Authentication

All API requests require authentication via an API key. Include your key in thex-api-keyheader with every request.

Get Your API Key

  1. Visit our pricing page and choose a plan
  2. Choose a subscription plan that fits your needs
  3. Navigate to your Dashboard
  4. Your API key will be displayed in the API Key section

FreeAstroAPI Overview

Watch the short setup walkthrough, then use the examples below to make your first authenticated request.

Base URL

https://api.freeastroapi.com

Required Headers

HeaderValueRequired
x-api-keyYour API keyYes
Content-Typeapplication/jsonYes (for POST)
Idempotency-KeyClient-generated unique operation keyNo (recommended for billable POST retries)
Safe retries with Idempotency-Key

Authenticated, billable astrology POST requests accept Idempotency-Key: <client-generated unique operation key>. Generate one key per intended operation. Reuse the same key only when retrying the exact same request after a timeout or network failure.

Node.js

const idempotencyKey = crypto.randomUUID();

await fetch("https://api.freeastroapi.com/api/v1/natal/calculate", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": process.env.FREE_ASTRO_API_KEY,
    "Idempotency-Key": idempotencyKey
  },
  body: JSON.stringify(payload)
});

Python

import uuid

idempotency_key = str(uuid.uuid4())

headers = {
    "Content-Type": "application/json",
    "x-api-key": "YOUR_API_KEY",
    "Idempotency-Key": idempotency_key
}

Authentication Examples

curl -X POST "https://api.freeastroapi.com/api/v1/natal/calculate" \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"year": 1990, "month": 5, "day": 15, "hour": 10, "minute": 30, "city": "New York", "lat": 40.7128, "lng": -74.006}'

Security Best Practices

  • Never expose your API key in client-side code. Make API calls from your backend server.
  • Use environment variables to store your API key, not hardcoded strings.
  • Rotate your API key if you suspect it has been compromised.
  • Monitor your usage in the dashboard to detect unusual activity.

Authentication Errors

StatusMessageDescription
401Missing API keyx-api-key header not provided
401Invalid API keyThe API key does not exist or was revoked
429Rate limit exceededYou've exceeded your plan's request limit
403Subscription requiredYour subscription has expired or is inactive

Rate Limits

Rate limits vary by subscription plan. The following headers are included in every response:

HeaderDescription
X-RateLimit-LimitTotal requests allowed per period
X-RateLimit-RemainingRequests remaining in current period
X-RateLimit-ResetTimestamp when the limit resets

Next Steps