Authentication

All API and MCP requests are authenticated. Choose the method that fits your integration.

API Keys

API keys are the simplest way to authenticate. Create one from your Account dashboard:

Go to Account → API Keys → Create Key
Give your key a descriptive name (e.g. "production-backend")
Copy the key immediately — it won't be shown again

Include the key as a Bearer token in the Authorization header:

# Every request must include your API key
curl https://legaldatahunter.com/v1/search \
  -H "Authorization: Bearer sk-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{"q": "right to be forgotten", "namespace": "case_law"}'

Key format: All API keys start with the sk- prefix. You can have up to 10 active keys per account. Revoke unused keys from the Account dashboard.

OAuth 2.0

For web applications and MCP clients, we support OAuth 2.0 with two identity providers:

GitHub — ideal for developer tools and CLI integrations
Google — ideal for workspace and enterprise integrations

After a successful sign-in, a JWT session cookie is issued with a 7-day expiry. The cookie is automatically included in subsequent requests from the browser.

MCP clients: OAuth is handled automatically. Simply paste the MCP server URL into your client (e.g. Claude Desktop, Cursor) and follow the browser sign-in prompt. No manual token management required.

Rate Limit Tiers

Your plan determines how many requests you can make. Limits are enforced per API key or authenticated session.

Plan	Daily Limit	Monthly Limit	Per Minute
Anonymous (no auth)	5	20	3	—
Free	20	600	10	$0
Dev	1,000	5,000	100	See pricing
Pro	Unlimited	30,000	300	See pricing
Enterprise	Unlimited	Unlimited	1,000	Contact us

When you exceed a limit, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.

Unauthenticated Access

A small set of discovery and informational endpoints work without any authentication, subject to the anonymous rate limits above:

Endpoint	Description
`GET /v1/discover/*`	Country and source discovery
`GET /v1/stats`	Aggregate database statistics
`GET /v1/manifest`	Full source manifest
`GET /v1/billing/plans`	Plan and pricing information

Tip: Even for public endpoints, authenticated requests receive higher rate limits. Include your API key whenever possible.

Next: Search API →