secapi is a command-line client for SEC filings, filing sections, search,
and other SEC API workflows. It is designed for terminals, scripts, and agent
workflows.
Install the public npm package globally:
npm install -g @secapi/cliRun the fastest successful command:
secapi healthIt needs no credential. A successful response is JSON containing "ok": true
and exits with code 0. This verifies API reachability only; it does not verify
your account or API key.
Create an API key in the SEC API developer portal, then set it for the current shell session and request a filing:
export SECAPI_API_KEY="secapi_live_..."
secapi filings latest --ticker AAPL --form 10-K --jsonThe command exits 0 and writes the latest matching filing response. Add
--request-summary when you need the request ID, trace context, or billing
headers on stderr. To retrieve a filing section from the same issuer, such as
risk factors, run:
secapi sections get --ticker AAPL --form 10-K --section item_1a --view agentThe CLI reads SECAPI_API_KEY and sends it as the x-api-key header. It
deliberately rejects API keys supplied as command-line arguments, which can
leak through shell history and process listings. For a runner that cannot use
environment variables, pipe a key on standard input instead:
printf '%s' "$SECAPI_API_KEY" | secapi filings latest --ticker AAPL --form 10-K --api-key-stdin--api-key-stdin accepts no value; standard input must contain the key. Bearer
tokens are a separate authentication mode for commands that require them; do
not pass an API key as Authorization: Bearer.
secapi --help
secapi filings latest --help
secapi examples --json=falseRun secapi without arguments from an interactive terminal to open the
terminal interface. For commands and scripts, --json forces JSON and
--output <file> writes the normal JSON or raw output to a file. The file is
created with owner-only permissions.
CLI and API failures exit nonzero and print an actionable error on stderr. For
a failed read request, correct the configuration or service condition and rerun
it; use --request-summary to retain the request ID for support. Do not blindly
retry mutations. Check that command's --help first and use --dry-run where
the command supports it.
secapi doctor reports the configured origin and credential source without
printing secrets, checks health, and checks account context only when a
credential is available. secapi support bundle produces a redacted diagnostic
bundle for a support handoff.
Install @secapi/cli and use secapi in new scripts. omni-sec remains a
compatibility alias.