Server-to-server authentication
All server-to-server requests must be authenticated in one of two ways.
The first approach is to use an api_key
query parameter that Atom will assign. This approach is easy and can be easily incorporated into our documentation to run live queries against our sandbox environment.
For example, say I want to query "cars" from the Search endpoint. I could simply run:
curl --request POST \
--url "https://sandbox-platform.atom.finance/api/2.0/search?api_key=${YOUR_API_KEY}" \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"query":"cars"}'
The second approach is OAuth 2.0, which we recommend for production use cases.
Trial keys
Trial keys let you test and explore any of our API endpoints with the exception of the endpoints under the “/news” URL. Please contact your Atom representative for more details about our News endpoints. Responses with a trial key are limited to a few assets. Trial keys are limited to 60 queries per minute. With a trial key, you're limited to data for the following assets:
assetType | Trial Key Assets |
---|---|
Equity | AAPL, BABA, META, JPM, NKE, VALE3, PETR3, RY, SHOP |
Fund | SPY, VTSAX |
Crypto | BTC, DOGE |
Please note: VALE3, PETR3 are Brazilian equities. RY, SHOP are Canadian equities.
Production
Atom offers two modes of authentication on production: the API key method described above, or OAuth 2.0. We recommend using OAuth 2.0 as a more secure means of server-to-server communication. The surface area for exposing credentials is lower using OAuth 2.0 than a conventional API key approach.
Key rotation
If any credentials are leaked, please reach out to your point of contact at Atom to generate new credentials and deactivate your old credentials.