Some Scryfall API methods require authentication. If a method does,
it will document its authentication type on its page.
Methods that don’t document an authentication type are public
and can be called anonymously.
Scryfall uses HTTP
Authorization: Bearer headers for authentication.
Bearer must be followed by exactly one space (
and then the required secret key for the current method.
The different authentication modes are:
Public methods require no
The method is performed as your application
The method is performed with the rights of the grant account
For example, if you are submitting a request to a method that
requires Application authorization, you must submit an
HTTP header like
Authorization: Bearer X
X is your
client_secret token, including the