Skip to main content
The DealMachine API uses API keys to authenticate requests. You can create keys via the Developer Settings or by using the DealMachine CLI.

API Key Format

API keys follow this format: 
dm_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • dm_sk_ - DealMachine secret key prefix
  • live_ - All keys are live keys (no test environment)
  • The remaining 32 characters are your unique key
All API keys are live. There is no test/sandbox environment. Be mindful when testing write operations.

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme: 
curl https://api.v2.dealmachine.com/v1/account \
  -H "Authorization: Bearer dm_sk_live_xxx"

Request Headers

HeaderRequiredDescription
AuthorizationYesYour API key in Bearer format
Content-TypeYes*application/json for request bodies
X-Request-IdNoYour own request ID for distributed tracing
* Required for POST, PUT, and PATCH requests with a body. 
const response = await fetch('https://api.v2.dealmachine.com/v1/account', {
  headers: {
    'Authorization': `Bearer ${process.env.DM_API_KEY}`,
    'Content-Type': 'application/json',
  },
});

const { data } = await response.json();

OAuth Access Tokens

The API also supports OAuth 2.0 access tokens for third-party integrations: 
dm_at_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
OAuth tokens have scoped access based on the permissions granted during authorization. See the OAuth documentation for details.

Security Best Practices

API keys should only be used in server-side code. Never include them in JavaScript that runs in the browser, mobile apps, or any client-facing code.
Store your API keys in environment variables, not in your codebase:
export DM_API_KEY=dm_sk_live_xxx
If you suspect a key has been compromised, immediately revoke it in the Developer Settings and create a new one.
Create separate API keys for different integrations or environments so you can revoke one without affecting others.

Getting an API Key

The easiest way to authenticate is using the DealMachine CLI: 
npx @dealmachine/cli login
This opens your browser for secure device authorization and stores credentials locally at ~/.dealmachine/config.json. See the CLI documentation for more details.

From the App

You can also create API keys manually:
  1. Go to Developer Settings
  2. Click “Create API Key”
  3. Give it a descriptive name
  4. Copy the key immediately (it won’t be shown again)

Revoking Keys

To revoke a key:
  1. Go to Developer Settings
  2. Find the key you want to revoke
  3. Click “Revoke”
Revoked keys immediately stop working. Any requests using a revoked key will receive a 401 Unauthorized error.