Authentication
Authentication
Learn how to authenticate your API requests with QUIZZQ
Important
Never share your API keys or credentials. Keep them secure and use environment variables in your applications.
API Key Authentication
Simple key-based authentication for API access
Example Request
curl https://api.quizzq.com/v1/quizzes \
-H "X-API-Key: YOUR_API_KEY"Example Response
{
"status": "success",
"message": "Authentication successful"
}Features
- Easy to implement
- Suitable for server-side apps
- Key rotation support
- Usage analytics
OAuth 2.0
Secure token-based authentication flow
Example Request
curl https://api.quizzq.com/oauth/token \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"Example Response
{
"access_token": "TOKEN",
"token_type": "Bearer",
"expires_in": 3600
}Features
- Secure authentication flow
- Token expiration
- Scope-based access
- Refresh token support
Key Rotation
Best practices for API key management
- Rotate keys every 90 days
- Use separate keys per environment
- Revoke compromised keys immediately
- Monitor key usage patterns
Security Tips
Keep your authentication secure
- Use environment variables
- Implement IP whitelisting
- Enable audit logging
- Set up alerts for suspicious activity
Common Issues
Invalid API Key
Ensure your API key is valid and not expired
Missing Authorization Header
Include the Authorization header in your requests
Token Expired
Refresh your access token when it expires
Incorrect Scope
Verify you have the required permissions