Authentication
Interactive guide to API authentication methods and security practices with live examples
API Authentication
Interactive Authentication Guide
Master API authentication with interactive examples and live testing capabilities, supporting multiple authentication methods for different security levels and access requirements.
Authentication Security Overview
Security Levels
Public, Protected, and Private access tiers
Auth Methods
API Key, Bearer Token, and No-Auth options
Public Endpoints
No authentication required
Protected Endpoints
API key authentication required
Private Endpoints
OAuth + permissions required
Security Rating
Enterprise-grade security implementation
Authentication Methods & Security
Server-to-server communication with X-API-Key header authentication
OAuth-based authentication flows for secure user access
Public endpoints for site information and portfolio data
TLS encryption for all API communications
API usage limits and fair access policies
Security best practices for credential management
Security Access Levels
🟢 Public Access
No authentication required for:
- Site information and health checks
- Public portfolio data and project information
- Static content and documentation
🟡 Protected Access
API key required for:
- Advanced features and analytics
- Contact form submission
- Private data access
🔴 Private Access
OAuth + permissions required for:
- Admin operations and system management
- Sensitive data manipulation
- User account operations
Authentication Methods
API Key Authentication
The simplest authentication method for server-to-server communication.
API Key Usage
Include your API key in request headers:
- Header Name: X-API-Key
- Example:
curl -H "X-API-Key: your-api-key-here" \
  https://journey.thakurganeshsingh.com/api/llm-context
Bearer Token Authentication
For OAuth-based authentication flows.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
No Authentication Required
Many endpoints are publicly accessible:
Public Endpoints
- Site information
- Public portfolio data
- Health checks
- Static content
Protected Endpoints
- Contact form submission
- Advanced analytics
- Admin operations
- Private data access
Security Best Practices
Technical Implementation Details
Deployment
- Environment-based configuration management
- Secure credential storage and access patterns
- Automated key rotation and management processes
- Monitoring and alerting for authentication failures
Security
- Store API keys in environment variables, never in code repositories
- Always use HTTPS when sending API keys or sensitive data
- Regularly rotate API keys and update applications accordingly
- Implement proper error handling for authentication failures
Security Guidelines
Environment Variables: Store API keys in .env files, never commit to repositories
HTTPS Only: Always use HTTPS for API communication with sensitive data
Key Rotation: Regularly rotate API keys and update applications
Error Handling: Implement proper authentication error handling and logging
Environment Configuration Example
# .env file
API_KEY=your-secret-api-key
API_BASE_URL=https://journey.thakurganeshsingh.com
Error Handling
Authentication Errors
Common authentication error responses:
401 Unauthorized
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key",
    "details": {
      "required_header": "X-API-Key"
    }
  }
}
403 Forbidden
{
  "error": {
    "code": "FORBIDDEN",
    "message": "API key does not have permission for this resource",
    "details": {
      "required_scope": "read:advanced"
    }
  }
}
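An added example (not code from this API's documentation or its author) of one way a client can apply the guidelines above: send the key only over HTTPS to the configured origin, keep it out of logs, and act on the documented 401 and 403 bodies. The function names, the action labels and the sample key are assumptions; the two sample bodies are constructed from the shapes shown above.

```javascript
// Added example; function names are hypothetical, not part of the documented API.

// Build the request, refusing to send the key off-origin or over plain HTTP.
function buildAuthRequest(baseUrl, endpoint, apiKey) {
  const base = new URL(baseUrl);
  const url = new URL(endpoint, base);
  if (url.protocol !== 'https:') {
    throw new Error('Refusing to send X-API-Key over ' + url.protocol);
  }
  if (url.origin !== base.origin) {
    throw new Error('Endpoint resolves outside the configured API origin');
  }
  if (typeof apiKey !== 'string' || apiKey.trim() === '') {
    throw new Error('API_KEY is not set');
  }
  return { url: url.href, headers: { 'X-API-Key': apiKey } };
}

// Mask a key for log output: keep only the last four characters.
function redact(apiKey) {
  return apiKey.length <= 4 ? '****' : '****' + apiKey.slice(-4);
}

// Map a status and raw body to an action, using the documented error envelope.
function classifyAuthError(status, bodyText) {
  let err = {};
  try {
    err = (JSON.parse(bodyText) || {}).error || {};
  } catch (_) {
    // Non-JSON body (for example a proxy error page): rely on the status alone.
  }
  const details = err.details || {};
  if (status === 401) {
    return { action: 'check-or-rotate-key', retry: false, hint: details.required_header || null };
  }
  if (status === 403) {
    return { action: 'request-scope', retry: false, hint: details.required_scope || null };
  }
  return { action: 'none', retry: status >= 500, hint: null };
}

// Constructed sample bodies, following the 401 and 403 shapes shown above.
const SAMPLE_401 = '{"error":{"code":"UNAUTHORIZED","message":"Invalid or missing API key","details":{"required_header":"X-API-Key"}}}';
const SAMPLE_403 = '{"error":{"code":"FORBIDDEN","message":"API key does not have permission for this resource","details":{"required_scope":"read:advanced"}}}';

console.log(classifyAuthError(401, SAMPLE_401));
console.log(classifyAuthError(403, SAMPLE_403));
console.log('key in use:', redact('constructed-demo-key-1234'));
```

Neither 401 nor 403 is marked retryable: repeating the request with the same key cannot succeed, so the caller should fix the key or request the missing scope.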
Code Examples
JavaScript/Node.js
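// Read the key from the environment; never hard-code it in source.
const API_KEY = process.env.API_KEY;
const BASE_URL = 'https://journey.thakurganeshsingh.com';

async function fetchWithAuth(endpoint) {
  // Fail early if the key is missing instead of sending a request that will be rejected.
  if (!API_KEY) {
    throw new Error('API_KEY environment variable is not set');
  }
  try {
    const response = await fetch(`${BASE_URL}${endpoint}`, {
      headers: {
        'X-API-Key': API_KEY,
        'Content-Type': 'application/json',
      },
    });
    // Non-2xx responses (including 401 and 403) are surfaced as errors.
    if (!response.ok) {
      throw new Error(`HTTP error! status: ${response.status}`);
    }
    return await response.json();
  } catch (error) {
    console.error('API request failed:', error);
    throw error;
  }
}

// Usage
fetchWithAuth('/api/llm-context')
  .then(data => console.log(data))
  .catch(error => console.error(error));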
Python
import os
import requests
from typing import Optional, Dict, Any


class APIClient:
    def __init__(self, api_key: Optional[str] = None):
        # Prefer an explicit key; otherwise read it from the environment.
        self.api_key = api_key or os.getenv('API_KEY')
        self.base_url = 'https://journey.thakurganeshsingh.com'

    def _get_headers(self) -> Dict[str, str]:
        headers = {'Content-Type': 'application/json'}
        # Public endpoints work without a key, so the header is optional.
        if self.api_key:
            headers['X-API-Key'] = self.api_key
        return headers

    def get(self, endpoint: str) -> Dict[str, Any]:
        response = requests.get(
            f"{self.base_url}{endpoint}",
            headers=self._get_headers(),
            timeout=10,  # requests has no default timeout
        )
        # Raises requests.HTTPError on 401/403 and other error statuses.
        response.raise_for_status()
        return response.json()


# Usage
client = APIClient()
data = client.get('/api/site-info')
print(data)
cURL Examples
# Public endpoint (no auth required)
curl https://journey.thakurganeshsingh.com/api/site-info

# Protected endpoint (API key required)
curl -H "X-API-Key: your-api-key" \
  https://journey.thakurganeshsingh.com/api/llm-context

# POST request with authentication
curl -X POST \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"name": "John", "email": "john@example.com"}' \
  https://journey.thakurganeshsingh.com/api/contact
Getting API Keys
Contact us to request API access for advanced features:
Request API Access
Get your API key for protected endpoints. Include the following information in your request:
- Your name and organization
- Intended use case
- Expected request volume
- Technical contact information