Authentication

Learn how to authenticate your API requests

The Card Market API uses two authentication methods to secure your requests. Choose the method that best fits your use case.

Important: Never use both authentication methods in the same request. They are mutually exclusive.

Bearer Token Authentication

Bearer token authentication is designed for general user authentication. This method is ideal for:

  • User-facing applications
  • Mobile apps
  • Web applications with user sessions

How to Use

Include the Authorization header with your Bearer token:

Authorization: Bearer <your-token-here>

Example Request

curl -X GET "https://api.market.decenctype.com/user" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Getting a Bearer Token

To obtain a Bearer token, use the login endpoint:

curl -X POST "https://api.market.decenctype.com/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your-password"
  }'

Response:

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "id": "12345",
      "email": "user@example.com",
      "username": "johndoe"
    }
  }
}

API Key Authentication

API key authentication is designed for developer and server-to-server authentication. This method is ideal for:

  • Backend services
  • Automated scripts
  • Third-party integrations

How to Use

Include the X-API-KEY header with your API key:

X-API-KEY: <your-api-key-here>

Example Request

curl -X GET "https://api.market.decenctype.com/user/list" \
  -H "X-API-KEY: your-api-key-here"

Getting an API Key

To obtain an API key:

  1. Log into your developer dashboard
  2. Navigate to the "API Keys" section
  3. Click "Generate New Key"
  4. Copy and securely store your API key

Note: API keys provide elevated permissions and should be kept secure. Never expose them in client-side code.

Authentication Patterns

Pattern Matching

Bearer tokens must follow this pattern:

^Bearer .+$

Valid Examples:

  • Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
  • Bearer abc123def456

Invalid Examples:

  • bearer token123 (lowercase 'bearer')
  • Token abc123 (wrong prefix)
  • eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... (missing 'Bearer')

Security Best Practices

Token Storage

  1. Secure Storage: Store tokens securely using your platform's secure storage mechanisms

  2. Environment Variables: For server applications, use environment variables

  3. Avoid Hardcoding: Never hardcode tokens in your source code

  4. Regular Rotation: Rotate API keys regularly for enhanced security

Token Transmission

  • Always use HTTPS for API requests
  • Never include tokens in URL parameters
  • Use proper headers for authentication
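
The rules above (mutually exclusive methods, the ^Bearer .+$ pattern under "Pattern Matching", HTTPS only, no tokens in URL parameters) can be checked before a request leaves your client. The following is an added example, not part of the Card Market API or its SDK; the function name lintAuth and the list of credential-like query parameter names are assumptions made for illustration.

```javascript
// Added example: pre-flight check of an outgoing request against this page's rules.
// Assumption: the parameter names below are ones that commonly carry credentials;
// the page itself does not list any.
const CREDENTIAL_PARAMS = ['token', 'access_token', 'api_key', 'apikey', 'key'];
const BEARER_PATTERN = /^Bearer .+$/; // pattern given under "Pattern Matching"

function lintAuth(url, headers) {
  const problems = [];
  // HTTP header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);

  const bearer = h['authorization'];
  const apiKey = h['x-api-key'];

  if (bearer !== undefined && apiKey !== undefined) {
    problems.push('both Authorization and X-API-KEY set (mutually exclusive)');
  }
  if (bearer !== undefined && !BEARER_PATTERN.test(bearer)) {
    problems.push('Authorization value does not match ^Bearer .+$');
  }
  if (apiKey !== undefined && apiKey.trim() === '') {
    problems.push('X-API-KEY is empty');
  }

  const parsed = new URL(url);
  if (parsed.protocol !== 'https:') problems.push('URL is not HTTPS');
  for (const name of parsed.searchParams.keys()) {
    if (CREDENTIAL_PARAMS.includes(name.toLowerCase())) {
      problems.push(`credential-like query parameter "${name}"`);
    }
  }
  return problems;
}

// Constructed sample requests (placeholder credentials, not real ones).
const samples = [
  ['https://api.market.decenctype.com/user', { Authorization: 'Bearer abc123def456' }],
  ['https://api.market.decenctype.com/user', { authorization: 'bearer token123' }],
  ['https://api.market.decenctype.com/user/list', { 'X-API-KEY': 'k', Authorization: 'Bearer abc123def456' }],
  ['http://api.market.decenctype.com/user?token=abc123', {}],
];
for (const [url, headers] of samples) {
  console.log(url, JSON.stringify(lintAuth(url, headers)));
}
```

An empty result means the request passes all four checks; the header-name lookup is case-insensitive, while the "Bearer" scheme in the value is matched case-sensitively, as the pattern requires.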

Error Handling

Handle authentication errors gracefully:

const response = await fetch('https://api.market.decenctype.com/user', {
  headers: {
    'Authorization': 'Bearer ' + token
  }
});

if (response.status === 401) {
  // Token is invalid or expired
  // Redirect to login or refresh token
  handleAuthError();
} else if (response.status === 403) {
  // Token is valid but lacks permissions
  handlePermissionError();
}

Common Authentication Errors

Status Code | Error             | Description                              | Solution
401         | Unauthorized      | Missing or invalid token                 | Provide a valid Bearer token or API key
403         | Forbidden         | Valid token but insufficient permissions | Check your account permissions
429         | Too Many Requests | Rate limit exceeded                      | Implement proper rate limiting

Authentication Examples

JavaScript/Node.js

// Using Bearer Token
const userResponse = await fetch('/api/user', {
  headers: {
    'Authorization': `Bearer ${userToken}`,
    'Content-Type': 'application/json'
  }
});

// Using API Key (server-side only; the key is read from the environment)
// A distinct variable name avoids redeclaring a const in the same scope.
const listResponse = await fetch('/api/user/list', {
  headers: {
    'X-API-KEY': process.env.API_KEY,
    'Content-Type': 'application/json'
  }
});

Python

import os  # needed for os.environ below

import requests

# Using Bearer Token
headers = {
    'Authorization': f'Bearer {user_token}',
    'Content-Type': 'application/json'
}
response = requests.get('https://api.market.decenctype.com/user', headers=headers)

# Using API Key
headers = {
    'X-API-KEY': os.environ['API_KEY'],
    'Content-Type': 'application/json'
}
response = requests.get('https://api.market.decenctype.com/user/list', headers=headers)

cURL

# Using Bearer Token
curl -X GET "https://api.market.decenctype.com/user" \
  -H "Authorization: Bearer your-token-here" \
  -H "Content-Type: application/json"

# Using API Key
curl -X GET "https://api.market.decenctype.com/user/list" \
  -H "X-API-KEY: your-api-key-here" \
  -H "Content-Type: application/json"