MySDK Docs

Authentication

Overview

All requests to MySDK must be authenticated. You can use either a static API key for server‑to‑server communication or the OAuth 2.0 flow for user‑centric applications.

API Keys

Generate an API key in the Developer Dashboard. Keep it secret; never embed it in client‑side code.

curl -H "Authorization: Bearer YOUR_API_KEY" https://api.mysdk.com/v1/projects

Rotating Keys

To rotate a key, create a new one, update your services, then deactivate the old key.

OAuth 2.0 Flow

Use the Authorization Code Grant for web apps.

  1. Redirect the user to the authorization endpoint.
  2. User grants permission.
  3. Exchange the code for an access token.
  4. Use the access token in API calls.

GET https://auth.mysdk.com/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&scope=read+write

Token Exchange

POST https://auth.mysdk.com/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=AUTH_CODE&redirect_uri=YOUR_REDIRECT_URI&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

Refresh Token

POST https://auth.mysdk.com/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=REFRESH_TOKEN&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

Code Samples

Below are examples for the most common languages.

Python

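import requests

API_KEY = "YOUR_API_KEY"  # placeholder; load the real key from server-side configuration
headers = {"Authorization": f"Bearer {API_KEY}"}
# Set a timeout so a stalled connection cannot hang the caller.
resp = requests.get("https://api.mysdk.com/v1/users/me", headers=headers, timeout=10)
resp.raise_for_status()  # raise on 401, 403, 429 and 500 instead of treating the error body as data
print(resp.json())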

Node.js

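// node-fetch v2 (CommonJS). Node.js 18+ ships a global fetch, so the require can be dropped there.
const fetch = require('node-fetch');

const apiKey = "YOUR_API_KEY"; // placeholder; load the real key from server-side configuration
fetch('https://api.mysdk.com/v1/users/me', {
  headers: { Authorization: `Bearer ${apiKey}` }
})
  .then(res => {
    // Treat non-2xx responses (401, 403, 429, 500) as failures.
    if (!res.ok) throw new Error(`Request failed with status ${res.status}`);
    return res.json();
  })
  .then(console.log)
  .catch(console.error);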

Error Handling

All error responses follow the { error: string, message: string, code: number } format.

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key",
  "code": 401
}

Common error codes:

  • 401 – Authentication failed.
  • 403 – Insufficient permissions.
  • 429 – Rate limit exceeded.
  • 500 – Server error.

FAQ

Can I use an API key in a browser?

No. API keys are meant for server‑side usage only. Use OAuth for client‑side applications.

How long do access tokens last?

Access tokens are valid for 1 hour. Use the refresh token to obtain a new one.

What scopes are available?

The available scopes are read, write, and admin. Specify them as a space‑separated list in the scope parameter.