Public data only
Sentrion analyzes publicly available data: job postings from 230+ job boards, SEC filings, executive announcements, and technology adoption signals. We never track website visitors, install cookies, or use browser-based intent data.
Bearer token authentication
Every API request is authenticated with a Bearer token. API keys are generated in your dashboard under Settings and scoped to your account. Treat your API key like a password and never share it publicly.
Webhook signature verification
Webhook payloads are signed with HMAC-SHA256. Every delivery includes X-Calgary-Signature and X-Calgary-Timestamp headers so you can verify payloads were sent by Sentrion and haven't been tampered with.
Rate limiting
API endpoints are rate-limited to 100 requests per minute per key. If you exceed this limit you'll receive a 429 response. This protects both your account and the platform from abuse.
No privacy headwinds
Unlike browser-based intent vendors that face increasing scrutiny from cookie deprecation and GDPR, Sentrion's signal sources are inherently public. This means a cleaner liability posture for your team and faster procurement cycles.
Scoped access
Each API key is tied to a single account with its own credit balance and rate limits. Historical data endpoints beyond 6 months require explicit permission. There is no shared-key or cross-account data leakage.
API security at a glance
All communication happens over HTTPS. Every request requires a valid API key. Responses follow a consistent envelope so errors are never ambiguous.
Have a security question?
We're happy to walk through our data practices and answer any questions your security or procurement team might have.