Authentication

The PadStats API uses API keys for authentication. Pass your key in the X-API-Key header on every request.

curl -X POST https://api.padstats.io/v1/avm/property \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ ... }'

Getting an API key

API keys are issued from the PadStats dashboard. Each key is tied to your account and plan tier.

Using your key

Python
import requests

response = requests.post(
    "https://api.padstats.io/v1/avm/property",
    headers={"X-API-Key": "YOUR_API_KEY"},
    json={
        "address": "123 Main St, Austin, TX 78701",
        "total_bedrooms": 3,
        "total_bathrooms": 2,
    },
)

JavaScript
const response = await fetch("https://api.padstats.io/v1/avm/property", {
  method: "POST",
  headers: {
    "X-API-Key": "YOUR_API_KEY",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    address: "123 Main St, Austin, TX 78701",
    total_bedrooms: 3,
    total_bathrooms: 2,
  }),
});

Security best practices

  • Never expose your API key in client-side code or public repositories. Store it as an environment variable.
  • Use one key per environment (development, staging, production) so you can rotate or revoke each independently.
  • Rotate immediately if you suspect a key has been compromised — issue a new key from the dashboard and invalidate the old one.

Error responses

| Status | Meaning |
| --- | --- |
| 401 Unauthorized | Key is missing or malformed |
| 403 Forbidden | Key is valid but does not have access to this endpoint or plan tier |
| 422 Unprocessable Entity | Request body failed validation — check the detail field for field-level errors |
| 429 Too Many Requests | Rate limit exceeded for your plan tier |
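
The following is an added example, not PadStats code. It applies the security practices and the error table above: the key is read from a per-environment variable, the client fails closed when the variable is unset, only a redacted key is ever logged, and each error status maps to an operator action. The environment variable names, the function names and the action wording are assumptions; the URL, the header name and the status codes come from this page.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.padstats.io/v1/avm/property"  # endpoint shown on this page

# Assumed naming scheme (not defined by PadStats): one variable per environment,
# so each key can be rotated or revoked without touching the others.
ENV_VARS = {
    "development": "PADSTATS_API_KEY_DEV",
    "staging": "PADSTATS_API_KEY_STAGING",
    "production": "PADSTATS_API_KEY_PROD",
}

# Operator action for each status in the error table (wording is illustrative).
ACTIONS = {
    401: "key missing or malformed: check the variable is set and passed intact",
    403: "key valid but not entitled: check endpoint access and plan tier",
    422: "request body invalid: read the detail field and fix the payload",
    429: "rate limited: back off before retrying",
}

def load_api_key(environment, environ=os.environ):
    """Return the key for one environment, failing closed if it is absent."""
    if environment not in ENV_VARS:
        raise ValueError(f"unknown environment: {environment!r}")
    var = ENV_VARS[environment]
    key = environ.get(var, "").strip()
    if not key or key == "YOUR_API_KEY":  # unset, or the docs placeholder left in
        raise RuntimeError(f"{var} is not set")
    return key

def redact(key):
    """Form of the key that is safe to write to logs."""
    return "****" + key[-4:] if len(key) > 8 else "****"

def build_request(key, payload):
    """Build (but do not send) the authenticated POST."""
    headers = {"X-API-Key": key, "Content-Type": "application/json"}
    return urllib.request.Request(
        API_URL, data=json.dumps(payload).encode(), headers=headers, method="POST")

def send(request):
    """Send the request; on an HTTP error return the action, never the key."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return {"status": err.code, "action": ACTIONS.get(err.code, "unexpected status")}
```

Log `redact(key)` rather than the key itself; a 403 indicates an entitlement problem, so rotating the key will not clear it.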