Authentication

How API keys and authentication work across Quantish MCP servers.

Overview

Quantish uses API keys to authenticate requests to our MCP servers. Each server (Discovery, Polymarket, Kalshi) requires its own API key.

🔍

Discovery API Key

Read-only access to search markets across platforms

📊

Polymarket API Key

Full trading access on Polymarket (requires access code)

📈

Kalshi API Key

Full trading access on Kalshi via DFlow (requires access code)

Generating API Keys

Discovery (Free)

  1. Go to the "Get API Key" page
  2. Select "Discovery" server
  3. Enter your email
  4. Click "Generate API Key"

No access code required for Discovery.

Polymarket & Kalshi (Access Code Required)

  1. Email hello@quantish.live to request an access code
  2. Include your use case and expected trading volume
  3. Receive your access code within 24 hours
  4. Use the access code when generating your API key

Why access codes? Access codes help us manage server capacity and ensure quality service for all users. They also help prevent abuse.

Using API Keys

In Cursor MCP Config

Add your API key to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "quantish_discovery": {
      "url": "https://quantish.live/mcp",
      "headers": {
        "X-API-Key": "qm_your_api_key_here"
      }
    }
  }
}

Direct API Calls

For direct HTTP requests, include the API key in the X-API-Key header:

curl -X POST https://quantish.live/api/mcp/execute \
  -H "Content-Type: application/json" \
  -H "X-API-Key: qm_your_api_key_here" \
  -d '{"tool": "search_markets", "args": {"query": "bitcoin"}}'

API Key Format

Quantish API keys follow this format:

qm_[32 random characters]

  qm_         Prefix identifying Quantish keys
  [32 chars]  Cryptographically random alphanumeric string

Example: qm_JuTmBHbIyBrmUd1Aif__r1cEpY11dqbm

Security Best Practices

🔒 Keep Keys Secret

Never share your API key publicly. Don't commit it to git or post it in forums/chat.

🔄 Rotate Regularly

Generate new API keys periodically. Revoke old keys you no longer use.

📍 Use Separate Keys

Use different API keys for development vs production. This limits exposure if one is compromised.

🚨 Monitor Usage

If you notice unexpected activity, revoke your key immediately and generate a new one.
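To back up "Keep Keys Secret", the following added example (not Quantish's own code) scans files for strings matching the key format described above and reports only the first 10 characters, the same prefix the revocation procedure asks for. The function names and the sample text are hypothetical, and accepting "_" and "-" in the key body is an assumption based on the page's example key containing underscores.

```python
import re
import sys
from pathlib import Path

# Key format from this page: "qm_" + 32 characters. The page calls the body
# alphanumeric, but its own example contains "_", so (assumption) the
# URL-safe characters "_" and "-" are accepted as well.
KEY_CHARS = r"A-Za-z0-9_\-"
KEY_RE = re.compile(rf"(?<![{KEY_CHARS}])qm_[{KEY_CHARS}]{{32}}(?![{KEY_CHARS}])")
PREFIX_LEN = 10  # the page asks for the first 10 characters when revoking

# Constructed sample: the page's example key in a config line, plus the
# documentation placeholder, which is too short to be a real key.
SAMPLE = (
    '"X-API-Key": "qm_JuTmBHbIyBrmUd1Aif__r1cEpY11dqbm"\n'
    '"X-API-Key": "qm_your_api_key_here"\n'
)


def redact(key: str) -> str:
    """Keep only the reportable prefix so the finding itself leaks nothing."""
    return key[:PREFIX_LEN] + "..."


def scan_text(text: str, source: str = "<text>") -> list:
    """Return (source, line_number, redacted_key) for each key-shaped token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group())))
    return findings


def scan_paths(paths: list) -> list:
    """Scan files such as those staged for commit; unreadable files are skipped."""
    findings = []
    for p in paths:
        try:
            text = Path(p).read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(text, p))
    return findings


if __name__ == "__main__":
    hits = scan_paths(sys.argv[1:]) if sys.argv[1:] else scan_text(SAMPLE, "sample")
    for source, lineno, key in hits:
        print(f"{source}:{lineno}: possible Quantish API key {key}")
    sys.exit(1 if hits else 0)
```

Run it over the files about to be committed, for example from a git pre-commit hook; the non-zero exit status on a finding stops the commit.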

Rate Limits

API requests are rate limited to ensure fair usage:

Server      Limit        Notes
Discovery   100 req/min  Search and read operations
Polymarket  60 req/min   Trading operations may have lower limits
Kalshi      60 req/min   Subject to DFlow API limits

Rate limit errors return HTTP 429. Wait and retry with exponential backoff.

API Endpoints

Discovery

MCP: https://quantish.live/mcp

Tools: https://quantish.live/api/mcp/tools

Execute: https://quantish.live/api/mcp/execute

Polymarket

MCP: https://polymarket-mcp.quantish.live/mcp

Kalshi

MCP: https://kalshi-mcp.quantish.live/mcp

Revoking API Keys

To revoke an API key or report suspicious activity:

  1. Email hello@quantish.live
  2. Include the key prefix (first 10 characters, e.g., qm_JuTmBHb)
  3. Describe the reason for revocation

Keys are revoked immediately. Generate a new key to continue using the service.
