Overview The SG Cars Trends API uses Bearer Token authentication for secure access to protected endpoints. Most API endpoints require authentication, with the exception of health checks and some workflow endpoints.
API Key Requirements
Protected Endpoints
All /v1/* endpoints (cars, coe, months data)
/workflows/trigger endpoint
Public Endpoints
/health endpointIndividual workflow endpoints (/workflows/cars, /workflows/coe)
Social media webhook endpoints
Getting Your API Key API keys are currently issued on a case-by-case basis. To request an API key:
Create an issue in our GitHub repository
Describe your use case and expected usage volume
Provide your contact information
Wait for approval and key issuance
Using Your API Key Include your API key in the Authorization header using the Bearer token format:
Authorization: Bearer YOUR_API_KEY Request Examples curl -X GET \ "https://api.sgcarstrends.com/v1/cars" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json"
Authentication Errors Common Error Responses Missing Authorization Header
Invalid Token Format
Invalid Token
Expired Token
{ "success" : false , "error" : "Missing Authorization header" , "code" : 401 }
Rate Limiting The API implements rate limiting based on your authentication status:
Authentication Status Rate Limit Window Authenticated 100 requests 1 minute Unauthenticated 10 requests 1 minute
Rate limit information is included in response headers:
X-RateLimit-Limit: 100 X-RateLimit-Remaining: 95 X-RateLimit-Reset: 1640995200 Rate Limit Exceeded When you exceed the rate limit, you’ll receive a 429 Too Many Requests response:
{ "success" : false , "error" : "Rate limit exceeded. Please try again later." , "code" : 429 , "retry_after" : 60 } Best Practices 1. Secure Storage Never expose your API key in client-side code, public repositories, or logs.
Do:
Store API keys in environment variables
Use secure key management systems
Rotate keys regularly
Don’t:
Hardcode keys in your application
Commit keys to version control
Share keys in plain text
2. Error Handling Always implement proper error handling for authentication failures:
try { const response = await fetch ( 'https://api.sgcarstrends.com/v1/cars' , { headers: { 'Authorization' : 'Bearer YOUR_API_KEY' , 'Content-Type' : 'application/json' , }, }); if ( ! response . ok ) { if ( response . status === 401 ) { throw new Error ( 'Authentication failed. Check your API key.' ); } throw new Error ( `HTTP error! status: ${ response . status } ` ); } const data = await response . json (); return data ; } catch ( error ) { console . error ( 'API request failed:' , error . message ); throw error ; }
3. Respect Rate Limits Implement backoff strategies when hitting rate limits:
async function makeAPIRequest ( url , options = {}) { const maxRetries = 3 ; let retryCount = 0 ; while ( retryCount < maxRetries ) { try { const response = await fetch ( url , options ); if ( response . status === 429 ) { const retryAfter = response . headers . get ( 'Retry-After' ) || 60 ; await new Promise ( resolve => setTimeout ( resolve , retryAfter * 1000 )); retryCount ++ ; continue ; } return response ; } catch ( error ) { retryCount ++ ; if ( retryCount === maxRetries ) throw error ; await new Promise ( resolve => setTimeout ( resolve , 1000 * retryCount )); } } } Environment Variables Store your API key as an environment variable:
SG_CARS_TRENDS_API_KEY = your_api_key_here
Next Steps 
