Getting Your API Key

To access Rulebook Company’s market microstructure data, you’ll need an API key.

Request Access

1

Contact Sales

Email support@rulebook.company with:
  • Your firm name and role
  • Use case description
  • Expected data volume
  • Integration timeline
2

Review Terms

Our team will provide:
  • Pricing information
  • Data licensing agreement
  • Service level agreement (SLA)
  • Trial options for qualified firms
3

Receive Credentials

After agreement, you’ll receive:
  • API key via secure email
  • Access to documentation
  • Integration support contact
Enterprise trials are available for qualified institutional trading firms.

Managing Your API Key

Secure Storage

Never hardcode API keys in your source code. Use secure storage solutions: 
# Using environment variables
import os
API_KEY = os.environ.get('RULEBOOK_API_KEY')

# Using AWS Secrets Manager
import boto3
from botocore.exceptions import ClientError

def get_secret():
    secret_name = "rulebook/api_key"
    region_name = "us-east-1"

    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        raise e

    return get_secret_value_response['SecretString']

Security Best Practices

  • Rotate API keys every 90 days minimum
  • Contact support to generate new keys
  • Implement zero-downtime key rotation in your systems
  • Development environment: separate API key
  • Staging environment: separate API key
  • Production environment: separate API key
  • Never share keys between environments
  • Limit API key access to authorized personnel only
  • Use IP whitelisting when available
  • Monitor API usage for anomalies
  • Set up alerts for unusual API call patterns
  • Track rate limit usage
  • Monitor error rates

Key Rotation

When rotating API keys:
  1. Generate new key: Contact support for a new API key
  2. Update staging: Deploy new key to staging environment
  3. Test thoroughly: Verify all integrations work with new key
  4. Update production: Deploy new key to production
  5. Revoke old key: Inform support to revoke the old key after 24 hours
If your API key is ever compromised, contact support immediately to revoke it and issue a new one.

Troubleshooting

Common API key issues:
  • Check that your API key is correctly formatted
  • Verify the Authorization header is set properly
  • Ensure the key hasn’t expired or been revoked
  • Check your current rate limits in the dashboard
  • Implement exponential backoff in your code
  • Contact support to discuss higher limits
  • Verify your subscription includes access to the requested endpoint
  • Check if IP whitelisting is configured correctly
  • Ensure your key has the necessary permissions

Need Help?

Contact Support

Our team can help with API key management, rotation, and security best practices.