guide-authentication
Authentication
All public embed APIs use bearer-token authentication.
Authorization: Bearer mbd-your-api-keyCreate and rotate keys in the embed Console. Treat keys as server-side secrets; do not ship them in public web or mobile clients.
Quick Check
Use a small Search request to verify that the key and base URL are correct.
curl https://api.mbd.xyz/v3/studio/search/filter_and_sort \
-H "Authorization: Bearer mbd-your-api-key" \
-H "Content-Type: application/json" \
-d '{
"index": "polymarket-items",
"size": 3,
"include": [
{ "filter": "numeric", "field": "volume_24hr", "operator": ">", "value": 1000 }
],
"sort_by": { "field": "volume_24hr", "order": "desc" }
}'Environments
Use https://api.mbd.xyz/v3/studio for Studio API calls, including algorithm-backed notification configs.
export EMBED_STUDIO_URL="https://api.mbd.xyz/v3/studio"
export EMBED_API_KEY="mbd-your-api-key"Common Errors
| Symptom | Likely cause | Fix |
|---|---|---|
401 Unauthorized | Missing, expired, or wrong API key | Create or rotate the key in Console |
| Empty result set | Valid request, but filters are too narrow | Remove filters and add them back one at a time |
| Validation succeeds but run fails | Algorithm changed after signing or uses unsupported runtime behavior | Re-run /algo/validate, then /run/algo |
| Console works but server call fails | Different key or base URL | Compare the Console account and API base URL |

