Authentication
How to get a key, which header to send it on, and what the keyless free tier covers.
Every request to the API carries your key. There is no separate OAuth flow and no signup form beyond signing in to create the key.
Get a key
Open the dashboard, sign in with GitHub or Google, and create a key. It is shown once, so copy it somewhere safe — the dashboard only ever stores the prefix after that. Every new key starts on Free.
Send the key
REST and the MCP server both accept the key as a bearer token:
Authorization: Bearer sk_live_...
The MCP server also accepts the same key as a raw header, for clients that send it that way:
X-API-Key: sk_live_...
Either header authenticates the same key on the same tier. There is no separate key type for MCP versus REST.
No keyless tier
Every request needs a key, including Free. There is no anonymous or unauthenticated access to api.dino.markets. The live game pages on the marketing site are the exception: they show the same matched data on a five-minute delay with no key at all, for browsing rather than programmatic use.
Free tier and limits
Creating a key costs nothing and asks for no payment method. Free covers:
- The matched feed and the arb view over REST (
GET /v2/markets,GET /v2/pairs/{market_id},GET /v2/leagues,GET /v2/coverage) - 60 requests per minute
- The MCP server's tool listing and every read tool (
list_markets,find_arbitrage,get_market,list_leagues,get_coverage,report_bad_arb)
The real-time WebSocket stream (POST /v1/stream/token and the watch_markets MCP tool) needs Basic or Pro; a Free key gets a 402 on the ticket-mint endpoint. See Pricing for the full plan comparison and REST API for the per-plan rate limits.
Errors
A missing or invalid key returns 401. A valid key past its plan's rate limit returns 429. A valid Free key hitting a Basic/Pro-only route (the stream ticket) returns 402.