Authentication

All Opelyx API endpoints require authentication via a Bearer token in the Authorization header.

API Key Format

Opelyx API keys follow the format op_ followed by 40 hexadecimal characters:

op_your_api_key_here_1234567890abcdefgh

Using Your API Key

Include the key in the Authorization header on every request:

curl

curl -H "Authorization: Bearer op_YOUR_API_KEY_HERE" \
  https://api.opelyx.com/v1/health/plans?zip=10001&age=25

Python

import requests

headers = {"Authorization": "Bearer op_YOUR_API_KEY_HERE"}
response = requests.get(
    "https://api.opelyx.com/v1/health/plans",
    headers=headers,
    params={"zip": "10001", "age": 25},
)

JavaScript

const response = await fetch(
  "https://api.opelyx.com/v1/health/plans?zip=10001&age=25",
  {
    headers: { Authorization: "Bearer op_YOUR_API_KEY_HERE" },
  },
);

Managing API Keys

API keys are managed through the Opelyx Dashboard:

• Create — Generate new keys with descriptive labels
• View — See all active keys and their creation dates
• Revoke — Immediately disable a compromised or unused key

⚠ Keep your API key secret

Never share your API key publicly or commit it to version control. Store it in environment variables and use .env files locally. If a key is compromised, revoke it immediately from the dashboard.

Key Security Best Practices

Caution

Never commit API keys to version control. Use environment variables instead.

• Store keys in environment variables (OPELYX_API_KEY)
• Use .env files locally (add to .gitignore)
• Rotate keys periodically via the dashboard
• Use separate keys for development and production
• Revoke keys immediately if compromised

Error Responses

Status	Meaning	Action
401	Missing or invalid API key	Check the Authorization header format
402	Feature requires a higher tier	Upgrade your plan
429	Rate limit exceeded	Wait for Retry-After seconds, then retry

All error responses follow RFC 9457 Problem Details format.