Every active marketplace subscription comes with an API key — a credential your team uses to authenticate requests to the subscribed API product. Palladium AI provisions a key automatically when you subscribe to a plan. This page explains where to find your keys, how to include them in requests, and what to expect when your plan changes.
Keep your API key secret — do not commit it to source control or share it publicly. Anyone who obtains your key can make API calls that count against your plan’s quota.
Where to find your API keys
Navigate to your team workspace and select APIs in the sidebar. Open the My Subscriptions tab to see all active subscriptions for your team. Each subscription row displays the associated API key alongside the product name and plan details. Click the copy icon next to a key to copy it to your clipboard.
Using an API key
Include your API key as a Bearer token in the Authorization header of every request to the product’s endpoint. The example below shows a request to the Risk Score API:
```bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.palladiumlabs.online/v1/risk-score
```
Replace YOUR_API_KEY with the key shown in your My Subscriptions view. The same pattern applies to all marketplace products — built-in and custom alike.
Key lifecycle
API keys are tied directly to your subscription plan. The table below summarises how key state changes as your subscription changes:
| Event | Key behaviour |
|---|---|
| New subscription activated | A new API key is provisioned for the plan. |
| Plan upgraded | A new key is issued; the previous key is revoked. |
| Plan downgraded | A new key is issued; the previous key is revoked. |
| Subscription cancelled | The key is revoked and will no longer authenticate requests. |
After upgrading or downgrading, update any services or environment variables that store your API key before the old key is revoked to avoid request failures.
Rate limits and quotas
Each plan defines two usage boundaries that govern how your team can call the API:
- Monthly quota — the maximum number of calls allowed in a calendar month. Once your team reaches the quota ceiling, further calls will be rejected until the next billing period begins.
- Rate limit — the maximum number of calls allowed per minute at any point in time. If your team exceeds the rate limit, the API returns HTTP 429 Too Many Requests. Back off and retry after a short delay.
Both limits are displayed in the plans table when you browse the marketplace. Choose a plan whose quota and rate limit comfortably cover your team’s expected traffic.
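The Bearer-token request and the 429 back-off guidance above, combined in an added example (not Palladium AI's own code): the key is read from the environment instead of being hardcoded, and only HTTP 429 is retried, with a capped exponential delay. The variable name `PALLADIUM_API_KEY`, the `Retry-After` handling and the retry limits are assumptions; the endpoint is the one shown on this page.

```python
import os
import time
import urllib.error
import urllib.request

API_URL = "https://api.palladiumlabs.online/v1/risk-score"  # endpoint from this page


def load_api_key(env=os.environ, var="PALLADIUM_API_KEY"):
    """Read the key from the environment (the variable name is an assumption)."""
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set; refusing to send an unauthenticated request")
    return key


def http_get(url, headers):
    """Default transport: return (status, headers, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


def call_api(key, url=API_URL, transport=http_get, sleep=time.sleep,
             max_attempts=5, base_delay=1.0, max_delay=30.0):
    """GET with Bearer auth; back off and retry only on HTTP 429."""
    headers = {"Authorization": f"Bearer {key}"}
    for attempt in range(max_attempts):
        status, resp_headers, body = transport(url, headers)
        if status != 429:
            return status, body  # caller handles success and non-retryable errors
        if attempt == max_attempts - 1:
            break
        # Use Retry-After if the server sends one (assumption), else 1s, 2s, 4s, ...
        hdrs = {k.lower(): v for k, v in resp_headers.items()}
        retry_after = hdrs.get("retry-after", "")
        delay = float(retry_after) if retry_after.isdigit() else base_delay * 2 ** attempt
        sleep(min(delay, max_delay))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")
```

The key never appears in an error message or log line here, and a non-429 failure is returned to the caller immediately, so a key revoked by a plan change surfaces on the first call instead of being retried.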