GET STARTED

Authentication

Every StarsAPI request must include a valid API key. Keys can be passed in three ways — the request header method is strongly recommended for production.

API key format

API keys are 64-character SHA256 hex strings prefixed with one of two scopes:

am_live_ — production keys, full rate limits, billed to your account
am_test_ — test keys, lower rate limits, never billed

Example: YOUR_API_KEY

Pass your key in the X-Api-Key HTTP header on every request:

X-Api-Key: am_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This is the only method we recommend for production. The key does not appear in URLs (so it stays out of nginx logs, browser history, and the Referer header) and it doesn't bloat your request body.

Query / body method (legacy)

For quick prototypes, you may also pass api_key as a query parameter or in the JSON request body. Do not use this in production.

https://starsapi.com/api/v3/horoscope/daily?sign=aries&api_key=am_live_xxxx

CORS & browser usage

StarsAPI supports CORS for browser-based applications. By default, all origins are allowed. To restrict allowed origins to your domain only, configure them in your API key settings in the dashboard.

Security warning Calling StarsAPI directly from a public web page exposes your API key in the browser. For client-side apps, restrict the key to your domain(s), use a test-tier key, OR proxy requests through your own server.

Key rotation

You can issue, list, and revoke keys from your dashboard at /dashboard. Rotating a key is instant — the old key stops working the moment the new key is created and the old one is revoked. Update your servers before revoking.