Skip to main content
Every request to the EyeQuant API must be authenticated using Bearer token authentication transmitted over HTTPS. You attach your API key directly to each HTTP request via an Authorization header — there are no session cookies, no OAuth flows, and no intermediate login steps. Keep your API key secret and treat it with the same care as a password.
All requests to the EyeQuant API must be made over HTTPS. Plain HTTP requests will not be accepted. This ensures your API key and all response data remain encrypted in transit.

Add the Authorization header

To authenticate, include the following header in every API request, replacing $apikey with your actual API key: 
Authorization: Bearer $apikey
Here is a complete cURL example that retrieves the details of an existing analysis: 
curl \
  -X GET \
  -H "Authorization: Bearer $apikey" \
  https://api.eyequant.com/v2/analyses/YOUR_ANALYSIS_ID
Apply this same Authorization: Bearer $apikey header pattern to every endpoint you call — POST, GET, or otherwise. API responses frequently include URLs that point to further resources. The rules for authenticating those URLs differ depending on where they live:
  • Links under api.eyequant.com — These are first-party API resources. Send the same Authorization: Bearer $apikey header when requesting them, exactly as you would for any other API call.
  • Off-domain links (e.g. AWS S3) — Analysis outputs such as attention heatmap images are served directly from external storage. These URLs already contain time-limited authorization tokens embedded in the query string. Do not attach any additional Authorization header when downloading them; doing so may cause the request to fail.

Obtain your API credentials

API credentials are not self-serve. To get your API key, reach out to the EyeQuant team at sales@eyequant.com. Once you have your key, store it securely — for example, in an environment variable or a secrets manager — and avoid committing it to source control.