guide-authentication

Authentication

All public embed APIs use bearer-token authentication.

Authorization: Bearer mbd-your-api-key

Create and rotate keys in the embed Console. Treat keys as server-side secrets; do not ship them in public web or mobile clients.

Quick Check

Use a small Search request to verify that the key and base URL are correct.

curl https://api.mbd.xyz/v3/studio/search/filter_and_sort \
  -H "Authorization: Bearer mbd-your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "index": "polymarket-items",
    "size": 3,
    "include": [
      { "filter": "numeric", "field": "volume_24hr", "operator": ">", "value": 1000 }
    ],
    "sort_by": { "field": "volume_24hr", "order": "desc" }
  }'

Environments

Use https://api.mbd.xyz/v3/studio for Studio API calls, including algorithm-backed notification configs.

export EMBED_STUDIO_URL="https://api.mbd.xyz/v3/studio"
export EMBED_API_KEY="mbd-your-api-key"

Common Errors

SymptomLikely causeFix
401 UnauthorizedMissing, expired, or wrong API keyCreate or rotate the key in Console
Empty result setValid request, but filters are too narrowRemove filters and add them back one at a time
Validation succeeds but run failsAlgorithm changed after signing or uses unsupported runtime behaviorRe-run /algo/validate, then /run/algo
Console works but server call failsDifferent key or base URLCompare the Console account and API base URL