Unlock data access on APIs.io

APIs.io is free for humans and free for discovery — but agent traffic to the machine-readable data surface is gated behind a one-time action: star github.com/naftiko/ikanos with your GitHub account.

Once you’ve starred the repo, claim an API key and send it on every request to the gated paths.

What’s gated, what’s open

Open to everyone, no key required:

HTML pages (humans never see a 402)
/.well-known/api-catalog, /.well-known/agent-skills/index.json, /.well-known/mcp/server-card.json, /.well-known/http-message-signatures-directory
/robots.txt, /sitemap.xml, /apis.json, /apis.yml
/skills/* and /unlock/*
The apex apis.io/ markdown representation (the network map)

Gated — requires an X-APIs-IO-Key header:

Machine-readable representations (anything ending in .json, .yml, .yaml)
/search-index.json (the full search index)
Markdown representations of resource pages on apis.apis.io, providers.apis.io, and other resource subdomains (HTML on the same URL stays open)

How to unlock — three steps

1. Star the repo

Go to https://github.com/naftiko/ikanos and click Star, signed in as the GitHub account you want to bind your key to.

2. Request a challenge

curl https://apis.io/unlock/challenge

Response:

{
  "challenge_id": "ch_…",
  "instructions": "…",
  "required_action": { "type": "github_star", "repo": "naftiko/ikanos" },
  "claim_url": "https://apis.io/unlock/claim",
  "expires_at": "…"
}

Challenges expire after 1 hour.

3. Claim a key

curl -X POST https://apis.io/unlock/claim \
  -H "Content-Type: application/json" \
  -d '{
    "challenge_id": "ch_…",
    "github_username": "your-github-login",
    "operator_email": "[email protected]"
  }'

The unlock service verifies your star and returns:

{
  "api_key": "apisio_…",
  "scope": "apis.io-data",
  "bound_to": { "github_username": "…", "operator_email": "…" },
  "usage": "Send this key as the `X-APIs-IO-Key` request header on every call to gated paths."
}

Store this key. It does not expire, but it can be revoked.

Using your key

Send the key on every request to a gated path:

curl -H "X-APIs-IO-Key: apisio_…" \
     https://apis.apis.io/search-index.json

Or, for the markdown representation of a resource:

curl -H "Accept: text/markdown" \
     -H "X-APIs-IO-Key: apisio_…" \
     https://apis.apis.io/apis/{provider}/{api}/

Check key status

curl -H "X-APIs-IO-Key: apisio_…" https://apis.io/unlock/status

Returns the binding, when it was granted, and your request counter.

Re-issuing a key

POSTing to /unlock/claim again with the same github_username returns the same key — keys are bound to a GitHub login, one per account. If you’ve lost a key, request a fresh challenge and re-claim.

What happens without a key

Gated paths return a Problem Details response:

HTTP/1.1 402 Payment Required
Content-Type: application/problem+json
Link: <https://apis.io/unlock/challenge>; rel="http://apis.io/rels/unlock"

{
  "type": "https://apis.io/errors/unlock-required",
  "title": "Star github.com/naftiko/ikanos to unlock",
  "detail": "…",
  "unlock_url": "https://apis.io/unlock/challenge"
}

The Link header advertises the unlock flow so well-behaved agents can follow it automatically.

Logging and privacy

Every unlock action and every gated request is logged: event type, GitHub username (when known), short key identifier, host, path, user-agent, country, and Web Bot Auth state. Logs are used to size capacity, detect abuse, and revoke misbehaving keys.

We do not sell or share these logs.

Tier upgrades — getting more access

Your initial star unlock is Tier 0: raw data, individual records, search index, machine reps. To reach the insights catalog (pre-computed analytics, scored rankings, cross-cutting queries) your key needs Tier 1 or higher. Each task you complete bumps your tier.

Task: verifiable backlink → Tier 4

Publish a public, do-follow link to apis.io on a domain you control. We verify the page; on success your key jumps straight to Tier 4.

1. Get a backlink token:

curl -X POST https://apis.io/unlock/task/backlink/challenge \
  -H "X-APIs-IO-Key: apisio_..."

You receive a token (good for 7 days) plus three embed options — pick any one:

Embed	What it looks like
`meta_tag`	`<meta name="apis-io-attribution" content="bl_...">` in `<head>`
`link_data_attr`	`<a href="https://apis.io/" data-apis-io-token="bl_...">…</a>`
`html_comment`	`<!-- apis-io-attribution:bl_... -->` anywhere in the page

The page must also contain at least one do-follow <a> link pointing at any apis.io or *.apis.io URL — rel must not contain nofollow, sponsored, or ugc.

2. Claim:

curl -X POST https://apis.io/unlock/task/backlink/claim \
  -H "Content-Type: application/json" \
  -H "X-APIs-IO-Key: apisio_..." \
  -d '{"token":"bl_...","backlink_url":"https://your-page.example/post"}'

The Worker fetches your page, parses it with HTMLRewriter, and checks:

Page returns 200 with Content-Type: text/html, ≤ 5 MB.
The token appears in one of the three embed forms.
At least one anchor links to apis.io with a do-follow rel.
The page does not declare <meta name="robots" content="noindex">.

If all four pass, your key’s tier is bumped to 4 and tasks_completed gets "backlink" appended.

Re-verification: the link is re-checked periodically. If the page disappears, returns 404, or the link is changed to nofollow, your tier is demoted and logged as task_backlink_revoked.

Questions

The unlock is a single human-friendly action that lets APIs.io recover the cost of agent traffic. If your use case doesn’t fit the gate (research, archival, etc.), open an issue at https://github.com/api-search/apis-io.