Authentication

Secure your API requests

All API requests require authentication using either an API key or OAuth access token.

API Key Authentication

Include your API key in the X-API-Key header:

curl -X GET "https://dev.debands.xyz/api/public/me" \
  -H "X-API-Key: db_your_api_key_here"

OAuth Bearer Token

Include the access token in the Authorization header:

curl -X GET "https://dev.debands.xyz/api/public/me" \
  -H "Authorization: Bearer your_access_token_here"

Security Note

Never expose your API keys in client-side code. Use API keys only in server-to-server communication. For client-side applications, use OAuth 2.0 with PKCE.