API Request Authentication

All API requests to Devdraft must be authenticated using API keys. This guide explains how to obtain and use your API keys securely.

API Keys

Devdraft uses API keys to authenticate requests. You can manage your API keys from your dashboard.

Live Keys

Production Environment
  • Format: pk_live_... (publishable) and sk_live_... (secret)
  • Process real transactions
  • Connect to production systems

Test Keys

Development & Testing
  • Format: pk_test_... (publishable) and sk_test_... (secret)
  • Safe for development
  • No real money processed

Key Permissions

Authentication Methods

Bearer Token Authentication

Include your secret API key in the Authorization header:
curl https://api.devdraft.ai/v1/customers \
  -H "Authorization: Bearer sk_test_your_secret_key_here" \
  -H "Content-Type: application/json"

Basic Authentication

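Alternatively, use HTTP Basic Authentication with your secret key as the username and an empty password. The trailing colon after the key supplies the empty password and stops curl from prompting for one: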
curl https://api.devdraft.ai/v1/customers \
  -u sk_test_your_secret_key_here: \
  -H "Content-Type: application/json"

Request Headers

Required Headers

Authorization: Bearer sk_test_your_secret_key_here
Content-Type: application/json

Optional Headers

Idempotency-Key: unique_request_identifier
User-Agent: YourApp/1.0
X-API-Version: 2024-01-01

Code Examples

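const axios = require('axios');

// Read the secret key from the environment instead of hardcoding it in source
const devdraft = axios.create({
  baseURL: 'https://api.devdraft.ai/v1',
  headers: {
    'Authorization': `Bearer ${process.env.DEVDRAFT_SECRET_KEY}`,
    'Content-Type': 'application/json'
  }
});

// Make a request (await needs an async function in a CommonJS module)
async function listCustomers() {
  const response = await devdraft.get('/customers');
  return response.data;
}

// Log only the error message so request headers are not written to the log
listCustomers().then(console.log).catch((err) => console.error(err.message));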

Security Best Practices

Protecting Your Keys

  1. Never expose secret keys in client-side code
  2. Use environment variables to store keys
  3. Rotate keys regularly for enhanced security
  4. Restrict key permissions to minimum required scope

Environment Variables

Store your keys in environment variables rather than in source code, and keep the .env file out of version control:
# .env file
DEVDRAFT_SECRET_KEY=sk_test_your_secret_key_here
DEVDRAFT_PUBLISHABLE_KEY=pk_test_your_publishable_key_here
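
One way to enforce this guidance when the application starts, as an added example that is not Devdraft's own code: it loads DEVDRAFT_SECRET_KEY, rejects publishable or wrong-environment keys, builds either documented Authorization header, and masks keys in log text. The function names, the use of NODE_ENV and the rule that live keys load only in production are assumptions.

```javascript
// Added example, not Devdraft code. Assumptions: NODE_ENV names the deployment
// environment, live keys load only in production, test keys only outside it.
function loadSecretKey(env) {
  const key = (env.DEVDRAFT_SECRET_KEY || '').trim();
  if (!key) throw new Error('DEVDRAFT_SECRET_KEY is not set');
  // A publishable key (pk_...) must never stand in for the secret key.
  const match = /^sk_(live|test)_./.exec(key);
  if (!match) throw new Error('expected a secret key: sk_live_... or sk_test_...');
  const mode = match[1];
  const production = env.NODE_ENV === 'production';
  if (mode === 'live' && !production) throw new Error('live key outside production');
  if (mode === 'test' && production) throw new Error('test key in production');
  return { key, mode };
}

// The two documented header forms. Basic auth sends the key as the username
// with an empty password, so the encoded value is base64("<key>:").
function authHeader(key, scheme = 'bearer') {
  if (scheme === 'bearer') return 'Bearer ' + key;
  if (scheme === 'basic') return 'Basic ' + Buffer.from(key + ':', 'utf8').toString('base64');
  throw new Error('unsupported scheme: ' + scheme);
}

// Mask secret keys before text reaches logs or error reports. The pattern
// "everything up to whitespace or a quote" is an assumption about key syntax.
function redactSecrets(text) {
  return String(text).replace(/\b(sk_(?:live|test)_)[^\s"']+/g, '$1****');
}

// Constructed sample environment using the page's placeholder key.
const sampleEnv = { DEVDRAFT_SECRET_KEY: 'sk_test_your_secret_key_here', NODE_ENV: 'development' };
const loaded = loadSecretKey(sampleEnv);
console.log(loaded.mode, redactSecrets('Authorization: ' + authHeader(loaded.key)));
```

redactSecrets matches only the plain-text key, so a Basic header, which carries the key base64-encoded, has to be dropped from log output entirely.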

Key Rotation

Regularly rotate your API keys:
  1. Generate a new API key in your dashboard
  2. Update your application configuration
  3. Test the new key in a staging environment
  4. Deploy to production
  5. Delete the old key

Error Responses

Authentication Errors

401 Unauthorized: Invalid or missing API key
{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided"
  }
}

403 Forbidden: Valid key but insufficient permissions
{
  "error": {
    "type": "permission_error",
    "message": "This API key does not have permission to perform this action"
  }
}

Testing Authentication

Test your authentication setup:
curl https://api.devdraft.ai/v1/account \
  -H "Authorization: Bearer sk_test_your_secret_key_here"

A successful response confirms your authentication is working correctly.