Authentication
Learn how to authenticate your requests to the Qamaq API using API keys.
API Keys
The Qamaq API uses API keys to authenticate requests. API keys are tied to your organization and can have different permission scopes to control what actions they can perform.
Keep your API keys secure
Never share your API keys in public repositories, client-side code, or other publicly accessible locations. Treat them like passwords.
Creating API Keys
To create an API key:
- 1Log in to your Qamaq dashboard
- 2Navigate to Configurations > API Keys
- 3Click "Create New API Key"
- 4Give your key a descriptive name and select the appropriate scopes
- 5Copy and securely store your API key - it won't be shown again
Using API Keys
Include your API key in the Authorization header using the Bearer scheme:
cURL
curl -X GET "https://api.qamaq.io/api/v1/me" \
-H "Authorization: Bearer qmq_your_api_key"JavaScript
const response = await fetch('https://api.qamaq.io/api/v1/me', {
method: 'GET',
headers: {
'Authorization': 'Bearer qmq_your_api_key'
}
});
const data = await response.json();Python
import requests
response = requests.get(
'https://api.qamaq.io/api/v1/me',
headers={'Authorization': 'Bearer qmq_your_api_key'}
)
data = response.json()API Key Scopes
API keys can have different scopes that control what resources they can access:
| Scope | Description |
|---|---|
entities:read | Read entity schemas and records |
entities:write | Create and modify entity records |
knowledge:read | Read folders and files from knowledge base |
knowledge:write | Create and modify folders and files |
boards:read | Read boards and tickets |
boards:write | Create and modify boards and tickets |
Authentication Errors
If authentication fails, you'll receive one of these error responses:
401Unauthorized
No API key was provided or the key format is invalid.
403Forbidden
The API key is valid but doesn't have permission for the requested resource or action.
Best Practices
- Use environment variables to store API keys, never hardcode them
- Create separate API keys for different applications or environments
- Use the minimum required scopes for each API key
- Rotate API keys periodically for better security
- Monitor API key usage in your dashboard
- Immediately revoke any API keys that may have been compromised