Skip to main content
All API endpoints require a Bearer token in the Authorization header.

Request format

Authorization: Bearer <api_key>

Getting an API key

API keys are issued through the console dashboard at console.courtrules.app. Sign in with your organization account to view and manage your keys. Keys follow the format crm_<env>_<random> (e.g. crm_prod_...).

Example request

curl -X GET 'https://api.courtrules.app/api/v1/judges?district_id=edny' \
  -H "Authorization: Bearer YOUR_API_KEY"

Error responses

401: Missing or malformed header

Returned when the Authorization header is missing or doesn’t use the Bearer scheme. 
{
  "error": "Missing or invalid Authorization header. Expected: Bearer <api_key>"
}

403: Invalid key

Returned when the key is present and well-formed but not recognized. 
{
  "error": "Invalid API key"
}

MCP authentication

The MCP server uses OAuth 2.1 instead of API keys. Sample data works immediately with no auth. Full access requires OAuth, which your MCP client handles automatically.

How OAuth works with MCP clients

When you first call a tool that requires full access, your MCP client opens a browser window to console.courtrules.app where you approve the connection. After that, the client manages tokens automatically. You don’t handle tokens yourself.

Claude Code

# Connect (sample data, no auth)
claude mcp add --transport http court-rules https://mcp.courtrules.app/mcp

# When you need full access, Claude Code prompts you to authenticate
# in the browser on first use. No extra setup needed.

Codex CLI

# Connect
codex mcp add court-rules --url https://mcp.courtrules.app/mcp

# Authenticate (opens browser)
codex mcp login court-rules

Claude Desktop / Cursor / VS Code / Windsurf

These clients handle OAuth automatically. On the first tool call requiring full access, a browser window opens to approve the connection. No config changes needed beyond the initial setup in MCP: Enforcement Data or MCP: Court Rules.

Getting full access

Full access requires an account on console.courtrules.app. Contact api@courtrules.app if your organization needs access provisioned.

Security notes

  • API keys are sensitive credentials. Do not commit them to version control or expose them in client-side code.
  • Use environment variables to store keys in your application:
export COURT_RULES_API_KEY="crm_prod_..."

curl -X GET 'https://api.courtrules.app/api/v1/judges?district_id=edny' \
  -H "Authorization: Bearer $COURT_RULES_API_KEY"