Skip to content
DoesItARM

Authentication & API keys

DoesItARM reads are designed to be reachable with no credential at all. You add a key only to raise your limits or to unlock a paid capability.

Three tiers

Section titled “Three tiers”
TierHow you callWhat you get
AnonymousNo headerThe free reads (lookup, search, category), rate-limited per IP — the lowest bucket.
Free keyAuthorization: Bearer dia_free_…The same free reads, with higher limits than anonymous, plus the changelog email. No card. Get one →
PaidAuthorization: Bearer dia_live_…Everything above plus the paid capability axes — the change feed, bulk/export, a freshness SLA, a redistribution license. Early Access →

The header

Section titled “The header”

Send your key as a standard HTTP Bearer token — the same scheme Stripe and OpenAI use, so most agent frameworks handle it for free:

Terminal window
curl https://api.doesitarm.com/v1/changes?since=2026-06-01 \
  -H "Authorization: Bearer dia_live_xxxxxxxxxxxxxxxxxxxx"

Key prefixes

Section titled “Key prefixes”

Every key carries a prefix so it’s unmistakable — and greppable if it leaks:

  • dia_free_ — issued by free signup; no card, higher-than-anonymous limits.
  • dia_test_ — sandbox; safe in examples and CI.
  • dia_live_ — paid; unlocks the paid capabilities.

When you need a key

Section titled “When you need a key”
  • You don’t, to look up, search, or browse — those are free, anonymously. Start at the Quickstart.
  • For higher free limits, create a free key.
  • For the change feed or any paid axis, you need a dia_live_ key — see Early Access.

Calling a paid route without a valid key returns 401; calling it with a key that lacks the capability returns 403. Both use the standard error envelope.