Authentication

Learn how to authenticate your requests and manage API keys securely.

Getting an API Key

To use the NewsAPI, you need an API key. Here is how to get one:

  1. Create a free account on NewsAPI.
  2. Navigate to your Dashboard.
  3. Go to the API Keys section and click “Create New Key”.
  4. Give your key a descriptive name (e.g., “Production App” or “Development”).
  5. Copy the generated key and store it securely.

Important: Your API key is shown only once when created. Store it in a secure location such as an environment variable. Never expose your API key in client-side code or public repositories.

Using Your API Key

Include your API key in every request using the X-API-Key header.

Using the X-API-Key headerbash
curl -X GET "https://api.newsapi.dev/v1/latest-news" \
  -H "X-API-Key: nsa_live_k8xj2m9p4qr5s7t1u3v6w0y"

JavaScript Example

Node.js / JavaScriptjavascript
const response = await fetch("https://api.newsapi.dev/v1/latest-news", {
  headers: {
    "X-API-Key": process.env.NEWSAPI_KEY
  }
});

const data = await response.json();

Python Example

Pythonpython
import os
import requests

response = requests.get(
    "https://api.newsapi.dev/v1/latest-news",
    headers={"X-API-Key": os.environ["NEWSAPI_KEY"]}
)

data = response.json()

Rate Limiting

API rate limits depend on your subscription plan. When you exceed your rate limit, the API returns a 429 Too Many Requests status code.

PlanRate LimitReset Period
Free1,000 requestsDaily (midnight UTC)
Builder75,000 requestsMonthly
Professional300,000 requestsMonthly
Enterprise600,000 requestsMonthly

Rate Limit Headers

Every API response includes headers to help you track your usage:

Rate limit response headershttp
X-RateLimit-Limit: 75000
X-RateLimit-Remaining: 74523
X-RateLimit-Reset: 2025-02-01T00:00:00Z

Security Best Practices

1

Use environment variables

Store your API key in environment variables, never hardcode it in your source code.

2

Server-side requests only

Always make API requests from your backend server, never from client-side JavaScript.

3

Use separate keys per environment

Create separate API keys for development, staging, and production environments.

4

Rotate keys regularly

Rotate your API keys periodically and revoke any keys that may have been compromised.