Authentication

Public API endpoints require an API key.

Use the x-api-key header:

curl "https://www.dyli.io/api/public/v1/search?q=charizard" \
  -H "x-api-key: $DYLI_API_KEY"

Or use a bearer token:

curl "https://www.dyli.io/api/public/v1/search?q=charizard" \
  -H "Authorization: Bearer $DYLI_API_KEY"

For quick browser testing, apiKey or apikey is accepted as a query param. Use ?apiKey=... when it is the first query param, then & for any params after that.

curl "https://www.dyli.io/api/public/v1/fair-drops/31412/verify?apiKey=$DYLI_API_KEY"

Storage

DYLI stores key prefixes and SHA-256 hashes, not raw keys. If a key is lost, revoke it and issue a new one.

Free keys are limited to 30 requests per minute. Responses also use short-lived caching where it makes sense, so integrations can poll without hammering the database.

Storage​

Storage