Authentication

API Key Authentication

Our API uses token-based authentication. You can obtain an API key from your Developer Dashboard.

Generating an API Key

To generate a new API key, navigate to your settings page and click "Create New API Key". You can manage and revoke your keys from there.

Using Your API Key

Include your API key in the Authorization header of your requests using the Bearer scheme. The key should be prefixed with Bearer and a space.

GET /api/v1/users/me
curl -H "Authorization: Bearer YOUR_API_KEY" https://api.example.com/api/v1/users/me

Request Headers

| Header Name | Description | Example |
|---|---|---|
| Authorization | Your API key prefixed with "Bearer ". | Bearer abcdef1234567890 |

Security Note: Treat your API key like a password. Do not share it publicly or embed it directly in client-side code.

Authentication Endpoints

1. Obtain Token (Example - if using OAuth2 or similar)

While we primarily use API keys, some advanced scenarios might involve token-based flows like OAuth2. This endpoint is illustrative.

POST /oauth/token

Request Body Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | Yes | The grant type. For client credentials, use client_credentials. |
| client_id | string | Yes | Your application's client ID. |
| client_secret | string | Yes | Your application's client secret. |
| scope | string | No | The scope of the access request (e.g., read write). |

Example Request

curl -X POST \
  https://api.example.com/oauth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET'

Example Response (Success)

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "scope": "read write"
}

Example Response (Error)

{
  "error": "invalid_client",
  "error_description": "Client authentication failed"
}
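
An added example, not code from this API's provider: a Python client for the token flow above that reads the client credentials from the environment instead of source code, reuses the access token until shortly before expires_in elapses, and turns the documented error body into an exception. The environment variable names API_CLIENT_ID and API_CLIENT_SECRET, the 30-second skew, and the two sample bodies are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.example.com/oauth/token"  # endpoint shown on this page
# Constructed sample bodies in the shape this page documents.
SAMPLE_OK = '{"access_token": "constructed-token", "token_type": "bearer", "expires_in": 3600}'
SAMPLE_ERR = '{"error": "invalid_client", "error_description": "Client authentication failed"}'


class TokenError(Exception):
    """The token endpoint returned an error body or an unusable token."""


def fetch_token_body():
    """POST client credentials read from the environment (assumed variable names)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": os.environ["API_CLIENT_ID"],
        "client_secret": os.environ["API_CLIENT_SECRET"],
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=form)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()  # error responses carry a JSON body as well


class TokenCache:
    """Reuses an access token until `skew` seconds before it expires."""

    def __init__(self, fetch=fetch_token_body, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            body = json.loads(self._fetch())
            if "error" in body:
                raise TokenError(f'{body["error"]}: {body.get("error_description", "")}')
            if body.get("token_type", "").lower() != "bearer":
                raise TokenError("unsupported token_type")
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"]) - self._skew
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the dictionary returned by TokenCache().auth_header() as the request headers; the exception message carries only the server's error code and description, never the client secret.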

Revoking API Keys

You can revoke existing API keys through your Developer Dashboard. Once revoked, a key will no longer be valid for authentication.