Authentication

Bearer token

Include your API key in the Authorization header:

Authorization: Bearer BOROUGH_<your-license-key>

Keys are provisioned automatically when you subscribe via Polar.sh.

Key format

Borough API keys use the format BOROUGH_<uuid>, for example:

BOROUGH_a1b2c3d4-e5f6-7890-abcd-ef1234567890

Free-tier access

Search endpoints (/v1/search/rentals, /v1/search/sales) and the areas endpoint (/v1/areas) work without authentication. Unauthenticated requests are subject to:

10 requests/minute rate limit (IP-based)
100 requests/month quota
Maximum 10 results per page

Key validation

Keys are validated against the Polar.sh API and cached for 10 minutes. If your key is revoked or expires, cached access will stop within 10 minutes.

Error responses

Code	Status	Description
`MISSING_API_KEY`	401	No `Authorization` header provided on a protected endpoint
`INVALID_API_KEY`	401	Key doesn’t match any active subscription
`EXPIRED_API_KEY`	401	Subscription has ended
`TIER_RESTRICTED`	403	Endpoint requires a higher tier

Security best practices

Store keys in environment variables, never in client-side code
Rotate keys by creating a new subscription if compromised
Use the minimum tier needed for your use case

Getting Started

Core Concepts

Guides

Bearer token

Key format

Free-tier access

Key validation

Error responses

Security best practices

Getting Started

Core Concepts

Guides

​Bearer token

​Key format

​Free-tier access

​Key validation

​Error responses

​Security best practices

Bearer token

Key format

Free-tier access

Key validation

Error responses

Security best practices