Back to Docs
Authentication
All API requests require an API key. Free accounts get hazard scores with rate limits. Paid plans unlock full hardening ROI analysis, measure breakdowns, and higher rate limits.
Getting an API Key
Create a free account to get your API key:
curl -X POST https://wildfirecost-api.smarttechinvest.com/v1/signup \
-H "Content-Type: application/json" \
-d '{"name": "Your Name", "email": "you@example.com", "password": "min8chars"}'The response includes your API key. Save it immediately -- it will not be shown again.
{
"success": true,
"data": {
"message": "Account created successfully",
"apiKeyPrefix": "wfc_a1b2...",
"apiKey": "wfc_a1b2c3d4e5f6..."
}
}Using Your API Key
Pass your API key in the X-API-Key header:
curl https://wildfirecost-api.smarttechinvest.com/v1/risk/county/06037 \ -H "X-API-Key: wfc_your_api_key_here"
Node.js
const response = await fetch(
'https://wildfirecost-api.smarttechinvest.com/v1/risk/county/06037',
{ headers: { 'X-API-Key': process.env.WILDFIRECOST_API_KEY } }
);
const data = await response.json();Python
import requests
import os
response = requests.get(
"https://wildfirecost-api.smarttechinvest.com/v1/risk/county/06037",
headers={"X-API-Key": os.environ["WILDFIRECOST_API_KEY"]}
)
data = response.json()Rate Limits
Rate limits vary by plan. Every response includes rate limit headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests in the current window |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | UTC timestamp when the window resets |
Limits by Plan
| Plan | Daily Limit | Monthly Limit |
|---|---|---|
| Free | 1 | 30 |
| Single Report | 5 | 150 |
| Buyer Pack | 10 | 300 |
| Pro | 100 | 3,000 |
| Lifetime | 100 | Unlimited |
Key Management
You can manage your API keys from the API Keys dashboard or via the API:
List Keys
curl https://wildfirecost-api.smarttechinvest.com/v1/account/keys \ -H "X-API-Key: wfc_your_key"
Rotate Key
curl -X POST https://wildfirecost-api.smarttechinvest.com/v1/account/keys/rotate \ -H "X-API-Key: wfc_your_key"
Rotation revokes your old key and issues a new one. Update your integrations immediately.
Security Best Practices
- •Never expose your API key in client-side code or public repositories.
- •Use environment variables (
WILDFIRECOST_API_KEY) to store keys. - •Rotate your key immediately if you suspect it has been compromised.
- •Use the MCP server for AI integrations -- it handles auth via
WILDFIRECOST_API_KEYenv var.