Authentication & Entitlement¶

Lavender Gateway runs locally and serves REST endpoints on localhost:2112. No API key or token is required on individual requests.

How Entitlement Works¶

Access is configured at the Gateway level, not per-request. When you subscribe, you download the Gateway binary for your OS (Gateway.exe on Windows, Gateway on macOS / Linux), run it, and enter the email associated with your subscription. All REST calls served by your Gateway work without any authentication headers.

For non-interactive setups -- service installs, scheduled tasks, container images -- supply the email on the command line so Gateway never prompts:

Gateway.exe -id=me@example.com

See Running Gateway for the full flag reference.

Migrating from a Vendor¶

Because Gateway runs on localhost, any vendor API keys or auth headers in your existing code stay on your machine — they are never sent to an external server. Gateway accepts and ignores them, so you don't need to remove them:

curlPythonJavaScript

curl "http://localhost:2112/l1/greeks?root=AAPL&center=atf&format=json"

import pandas as pd

df = pd.read_csv(
    "http://localhost:2112/l1/greeks?root=AAPL&center=atf&format=csv")
print(df.head())

const response = await fetch(
  "http://localhost:2112/l1/greeks?root=AAPL&center=atf&format=json"
);
const data = await response.json();
console.log(data);

Your vendor credentials stay local

If your existing code sends auth headers or API key parameters, Gateway accepts and ignores them. Since it runs on localhost, your vendor credentials never leave your machine.