API Keys
Gilito AI provides a REST API that allows you to programmatically access signals, strategy results, rankings, and other data from your workspace. API keys are used to authenticate your requests.
What API Keys Are For
API keys let you integrate Gilito AI data into your own applications, trading systems, dashboards, or analysis pipelines. With an API key, you can:
- Fetch current signals and rankings for assets in your watchlist
- Retrieve strategy backtesting results programmatically
- Access portfolio data and performance metrics
- Build custom dashboards or integrate with third-party tools
- Automate workflows based on Gilito AI signals
Creating an API Key
Only workspace admins (super-admin or account-admin) can create API keys. Standard users do not have access to this feature. To create an API key:
- Go to Settings > API Keys in your Gilito AI dashboard.
- Click Create API Key.
- Give your key a descriptive name (e.g., "Trading Bot", "Analytics Dashboard", "Internal Reporting").
- Click Create.
- Your new API key will be displayed. Copy it immediately and store it securely.
Key Format
All Gilito AI API keys are prefixed with gil_ followed by a unique string of characters. For example:
gil_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
The gil_ prefix makes it easy to identify Gilito AI keys in your codebase and helps secret scanning tools (like GitHub's secret scanning) detect accidentally committed keys.
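The prefix check described above, as an added example that is not Gilito AI's own code: a pre-commit style scanner that flags gil_ keys in files and redacts them in its own output. The key length and character set in the pattern are assumptions inferred from the sample key, and SAMPLE is constructed input.

```python
import re
import sys

# Assumption: the page documents only the "gil_" prefix; the character set and
# minimum length here are inferred from its single sample key, not from a spec.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])gil_[A-Za-z0-9]{20,}")

# The sample key printed in the documentation is not a live secret.
ALLOWLIST = {"gil_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"}

# Constructed sample input: one realistic-looking key, one placeholder, one doc key.
SAMPLE = (
    "GILITO_API_KEY=gil_Zz9Yy8Xx7Ww6Vv5Uu4Tt3Ss2\n"
    'curl -H "Authorization: Bearer gil_YOUR_API_KEY"\n'
    'key = "gil_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"\n'
)


def redact(key):
    """Keep the prefix and last 4 characters so findings are safe to log."""
    return "gil_" + "*" * (len(key) - 8) + key[-4:]


def scan_text(text, path="<stdin>"):
    """Return (path, line_no, redacted_key) for each suspected key in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            if match.group(0) not in ALLOWLIST:
                findings.append((path, line_no, redact(match.group(0))))
    return findings


def main(paths):
    """Scan files (e.g. staged files in a pre-commit hook); 1 blocks the commit."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            findings += scan_text(fh.read(), path)
    for path, line_no, key in findings:
        print(f"{path}:{line_no}: possible Gilito AI API key {key}")
    return 1 if findings else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    print(scan_text(SAMPLE))
```

Placeholders such as gil_YOUR_API_KEY fall below the assumed minimum length and are not reported, so documentation snippets do not block commits.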
Using the API Key
To authenticate your API requests, include your API key in the Authorization header as a Bearer token:
GET /api/v1/signals HTTP/1.1
Host: api.gilito.ai
Authorization: Bearer gil_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Example using curl:
curl -H "Authorization: Bearer gil_YOUR_API_KEY" \
  https://api.gilito.ai/api/v1/signals
The API key inherits the permissions of the workspace it belongs to. It has access to all data within that workspace, subject to the workspace's plan limits. API keys do not have their own separate permission scopes.
Revoking API Keys
If an API key is compromised or no longer needed, you should revoke it immediately. To revoke a key:
- Go to Settings > API Keys in your dashboard.
- Find the key you want to revoke in the list.
- Click Revoke next to the key.
- Confirm the revocation.
Once revoked, the key is immediately invalidated. Any requests using that key will receive a 401 Unauthorized response. Revocation cannot be undone — you will need to create a new key if you need API access again.
Security Best Practices
API keys grant access to your workspace data. Treat them with the same care as passwords:
- Never commit API keys to version control. Use environment variables or secret management tools instead.
- Never share keys in plain text via email, chat, or documentation.
- Use descriptive names for each key so you know which application or service uses it.
- Create separate keys for different applications or environments (development, staging, production).
- Rotate keys periodically. Revoke old keys and create new ones on a regular schedule.
- Revoke unused keys. If an integration is no longer active, revoke its API key immediately.
- Monitor usage. If you notice unexpected API activity, revoke all keys and create new ones.
GILITO_API_KEY=gil_...) and load them at runtime. Never hardcode them in your source code.
Full API Documentation
For complete API documentation including all available endpoints, request/response formats, rate limits, and code examples, visit the Gilito AI Developer Portal:
The developer portal includes interactive API explorers, SDK documentation, webhook configuration guides, and code samples in multiple programming languages.