Authentication
API keys, rate limits, and how to authenticate your requests.
Using your API key
Get your key at geoheim.com/dashboard. Keys start with hk_live_.
Header (preferred)
curl "https://api.geoheim.com/search?q=Berlin&format=json" \ -H "Authorization: Bearer hk_live_…"
Query parameter (for quick testing)
curl "https://api.geoheim.com/search?q=Berlin&format=json&api_key=hk_live_…"
The header method is preferred — query params may appear in server logs and browser history.
Rate limits
| Tier | Requests/day | Requests/month | Price |
|---|---|---|---|
| Free (IP only) | 1,000 | ~30,000 | Free |
| Free (with key) | 10,000 | ~300,000 | Free |
| Indie | 33,334 | 1,000,000 | $29/mo |
| Startup | 166,667 | 5,000,000 | $99/mo |
| Business | 666,667 | 20,000,000 | $299/mo |
Rate limit headers
Every response includes these headers:
X-RateLimit-Limit: 33334 X-RateLimit-Remaining: 32891 X-RateLimit-Reset: 1711324800
X-RateLimit-Limit — your daily quota
X-RateLimit-Remaining — requests left today
X-RateLimit-Reset — Unix timestamp when the counter resets
Self-hosted? No key needed.
When you run your own instance, authentication is disabled by default. Same API, zero configuration.