Basics

Learn how to authenticate your requests to the Brave Search API using subscription tokens

Overview

The Brave Search API uses API key authentication to secure requests. Every API request must include your subscription token in the request header to authenticate and authorize access.

Your API key is confidential and should be kept secure. Never expose it in client-side code, public repositories, or any public location.

Obtaining Your API Key

To get started with the Brave Search API, you’ll need a subscription token:

  1. Subscribe to a plan — Visit the Brave Search API page and choose a plan that fits your needs
  2. Create an API key — Once subscribed, navigate to the API Keys section in your dashboard and create a new key
  3. Copy your token — Your subscription token will be displayed. Copy it to use in your requests

Even on the Free plan, you need to subscribe to obtain an API key. You won’t be charged for the free tier.

Authentication Method

All requests to the Brave Search API must include your subscription token in the X-Subscription-Token HTTP header.

Header Format

X-Subscription-Token: YOUR_API_KEY

Code Examples

Here are examples of how to authenticate your search queries:

curl "https://api.search.brave.com/res/v1/web/search?q=brave+search" \
  -H "X-Subscription-Token: YOUR_API_KEY"
import requests

url = "https://api.search.brave.com/res/v1/web/search"
headers = {
    "Accept": "application/json",
    "Accept-Encoding": "gzip",
    "X-Subscription-Token": "YOUR_API_KEY"
}
params = {
    "q": "brave search"
}

response = requests.get(url, headers=headers, params=params)
data = response.json()
print(data)
const url = new URL("https://api.search.brave.com/res/v1/web/search");
url.searchParams.append("q", "brave search");

const response = await fetch(url, {
  headers: {
    Accept: "application/json",
    "Accept-Encoding": "gzip",
    "X-Subscription-Token": "YOUR_API_KEY",
  },
});
const data = await response.json();
console.log(data);

Best Practices

Secure Storage

Never hardcode your API key directly in your source code. Instead, use environment variables or secure configuration management:

import os

api_key = os.environ.get('BRAVE_API_KEY')
headers = {
    'X-Subscription-Token': api_key
}
const apiKey = process.env.BRAVE_API_KEY;
const headers = {
  "X-Subscription-Token": apiKey,
};
export BRAVE_API_KEY="your_actual_api_key_here"

Key Rotation

Regularly rotate your API keys as a security best practice. You can generate new and revoke old keys from the dashboard.

If you suspect your API key has been compromised, immediately revoke it from your dashboard and generate a new one.

More

To learn more about best practises, see OWASP Cheat Sheet for Secrets Management.

Next Steps

API Overview

Learn about available endpoints and features

API Reference

Explore detailed API documentation