The Iconfinder API uses API keys to authenticate the requests. You can create an application and manage your API keys under your account settings. The API key should be sent as an HTTP header with every request in the format Authorization: Bearer [API_KEY].

Here are some examples that perform a simple GET request to the categories endpoint.

curl -H "Authorization: Bearer hkc67veeMhd4QPQ2rbznsWIEOfynqC6uGzMWEVraG3FFOg0rYkZl2eZzLW8TXEZV" -X GET
import requests

API_SECRET    = "hkc67veeMhd4QPQ2rbznsWIEOfynqC6uGzMWEVraG3FFOg0rYkZl2eZzLW8TXEZV" # Keep this secret

def get_categories():
  # Create the categories endpoint
  categories_endpoint = BASE_ENDPOINT + 'categories'

  # Create the authorization header (and any additional ones if needed)
  headers = {'Authorization': 'Bearer ' + API_SECRET}

  # Make the GET request.
  response = requests.get(categories_endpoint,

  return response.content

# Try it out


Error messagePossible solutionError code
The provided API key is invalid.Please check that your API key is the one listed in your account.401
Authorization header not set.Please check that the header contains the Authorization field when making a request to the API. It's needed for all requests.400
Authorization failed, check if the api_key is set correctly.The Authorization field was found in the header, but the API key was not set correctly. Please double-check the syntax.400


Keep your API keys secret

Do not share your API keys in publicly accessible areas or put them in version control or client-side code. It's a good practice to set secrets like the API key as environment variable and then read it in the code.


Use an API key per application

If you are integrating the Iconfinder API in multiple applications, it's recommended to generate separate API keys for each one. The same is valid if you are working in multiple environments, e.g. development, staging and production.