API Authentication
Learn how to authenticate your requests to the DeskForge API using API keys.
Overview
All DeskForge API requests require authentication using an API key. API keys are associated with your account and can be created and managed from your dashboard.
Security: Keep your API keys secure and never share them publicly. Treat them like passwords.
Getting an API Key
Follow these steps to generate a new API key:
- Log in to your DeskForge Dashboard at deskforge.app/dashboard
- Navigate to Settings → Access Tokens
- Click Generate New Token
- Give your token a descriptive name (e.g., "Production API", "CI/CD Pipeline")
- Copy the token immediately - you won't be able to see it again
- Store the token securely (e.g., in environment variables or a secrets manager)
Important
API keys are shown only once during creation. Make sure to copy and store them securely before closing the dialog.
Using Your API Key
Include your API key in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEYExample Request
curl -X GET https://api.deskforge.app/projects \
-H "Authorization: Bearer df_1234567890abcdef" \
-H "Content-Type: application/json"Code Examples
JavaScript / Node.js
const axios = require('axios');
const client = axios.create({
baseURL: 'https://api.deskforge.app',
headers: {
'Authorization': `Bearer ${process.env.DESKFORGE_API_KEY}`,
'Content-Type': 'application/json'
}
});
// Make authenticated requests
const response = await client.get('/projects');
console.log(response.data);Python
import os
import requests
API_KEY = os.getenv('DESKFORGE_API_KEY')
BASE_URL = 'https://api.deskforge.app'
headers = {
'Authorization': f'Bearer {API_KEY}',
'Content-Type': 'application/json'
}
response = requests.get(f'{BASE_URL}/projects', headers=headers)
projects = response.json()
print(projects)Go
package main
import (
"fmt"
"io"
"net/http"
"os"
)
func main() {
apiKey := os.Getenv("DESKFORGE_API_KEY")
req, _ := http.NewRequest("GET", "https://api.deskforge.app/projects", nil)
req.Header.Add("Authorization", "Bearer "+apiKey)
req.Header.Add("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}API Key Management
Rotating Keys
For security best practices, rotate your API keys periodically:
- Generate a new API key
- Update your applications to use the new key
- Verify the new key works correctly
- Delete the old key from your dashboard
Revoking Keys
If an API key is compromised, revoke it immediately:
- Go to Settings → Access Tokens
- Find the compromised key
- Click Revoke
- Generate a new key and update your applications
Warning: Revoking a key immediately invalidates it. All requests using that key will fail.
Authentication Error Responses
Missing API Key
HTTP/1.1 401 Unauthorized
{
"error": "Authentication required",
"message": "No API key provided"
}Invalid API Key
HTTP/1.1 401 Unauthorized
{
"error": "Invalid API key",
"message": "The provided API key is invalid or has been revoked"
}Expired API Key
HTTP/1.1 401 Unauthorized
{
"error": "API key expired",
"message": "Your API key has expired. Please generate a new one"
}Security Best Practices
✓ Use Environment Variables
Store API keys in environment variables, never hardcode them in your source code.
✓ Rotate Regularly
Rotate your API keys every 90 days or when team members with access leave.
✓ Use Separate Keys
Create separate API keys for different environments (development, staging, production).
✓ Monitor Usage
Regularly review API key usage in your dashboard to detect unusual activity.
✗ Never Commit to Git
Never commit API keys to version control. Use .env files and add them to .gitignore.
✗ Don't Share Keys
Never share API keys via email, Slack, or other communication channels.