Prefer to chat? Query the API with natural language using our AI Skill →
Give your AI tool live Cito endpoint context before you write integration code.
Public docs assistant
Tell Cito API what you are building.
Get endpoint recommendations, exact requests, code snippets, and a free-key CTA without digging through every page.
Authentication
Cito API uses API keys to authenticate requests. Keep your keys secure and never expose them in client-side code.
API Key Types
Live Keys
cito_live_...Account API keys that access Cito API data. Use these in your deployed applications.
Demo Key
pk_demo_...Read-only public demo key for quick testing before signup.
Using Your API Key
Include your API key in the x-api-key header of every request:
curl -X GET "https://api.citoapi.com/api/v1/cod/matches/live" \
-H "x-api-key: cito_live_your_key_here" \
-H "Content-Type: application/json"Or using direct HTTP in your backend:
// JavaScript / Node
const response = await fetch("https://api.citoapi.com/api/v1/cod/matches/live", {
headers: { "x-api-key": process.env.CITO_API_KEY }
});
// Python
response = requests.get(
"https://api.citoapi.com/api/v1/cod/matches/live",
headers={"x-api-key": os.environ["CITO_API_KEY"]}
)Security Best Practices
API keys should only be used server-side. Never include them in JavaScript that runs in the browser.
Store keys in environment variables, not in source code.
export CITO_API_KEY="cito_live_your_key_here"Generate new keys periodically and revoke old ones from the dashboard.
Immediately revoke it from your dashboard and generate a new one. Contact support if you notice unauthorized usage.
Authentication Errors
| Code | Error | Description |
|---|---|---|
401 | Unauthorized | Missing or invalid API key |
403 | Forbidden | API key doesn't have access to this resource |
429 | Rate Limited | Too many requests, see rate limits |
{
"error": {
"type": "authentication_error",
"message": "Invalid API key provided",
"code": "invalid_api_key"
}
}