Authentication

API Keys

Authenticate your API requests with secure API keys. Every request to BizKitHub requires a valid API key for authorization and access control.

Passing Your API Key

Include your API key as the apiKey parameter in either the URL query string or request body. All HTTP methods accept both formats.

Query Parameter
?apiKey=YOUR_API_KEY
Request Body
{ "apiKey": "YOUR_API_KEY" }

Key Format

API keys follow a consistent format with a prefix indicating the key type.

Example API Key
PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE
Prefix (4 chars): PROD
Random ID (28 chars): PGrFxpGEtrOZfuWhnoJohUYBXuOE

* This is a demonstration key and does not exist.

Key Types

Choose the right key type for your use case. Each type has different rate limits and access permissions.

PROD (500,000 / min)

Production Key

For live applications in production environments. Full access with high rate limits.

Full API access
High rate limits
Activity monitoring
Auto-scaling
DEV_ (1,000 / min)

Development Key

For development and testing. Each team member receives their own key.

Sandbox access
Detailed logging
Debug mode
Test data
ROOT (Unlimited)

System Key

Administrative access for BizKitHub organization. Bypasses all restrictions.

Full system access
No rate limits
Audit logging
Admin operations

Verification Process

Every API request goes through a comprehensive verification workflow to ensure security and proper authorization.

1. Key Validation: Verify the API key is present in the request parameters or body.
2. Format Check: Validate key format using regex pattern matching.
3. Database Lookup: Query the central key registry for key record and settings.
4. Expiration Check: Verify key is active and has not expired.
5. Rate Limit Check: Ensure request count is within allowed limits.
6. Permission Validation: Load and verify roles for the requested endpoint.
7. Execute Request: Process the API request if all validations pass.

Generation Rules

Matches regex pattern /^(PROD|DEV_|ROOT)([a-zA-Z0-9]{28})$/
Total key length is always 32 characters
Globally unique across all BizKitHub organizations
Prefix indicates key type (exactly 4 characters)
Random 28-character suffix for uniqueness
Cryptographically secure random generation
Mixed case alphanumeric characters only

Format Validation

Use parseApiKey(apiKey) to validate key format before making requests.

Security Best Practices

Follow these guidelines to keep your API keys secure and protect your data.

Recommended

Store API keys in environment variables, never in code
Always use HTTPS for API requests
Rotate production keys regularly
Use development keys for testing

Avoid

Committing keys to version control
Sharing keys between team members
Using production keys in development
Logging API keys in application logs
Transmitting keys over insecure channels
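
The format check under Format Validation and the rule against logging keys can share one pattern in client code. The following is an added example, not BizKitHub's own parseApiKey or SDK code: parseKeyFormat, redactKeys, KEY_TYPES and the sample log lines are assumptions made for illustration; only the regex and the demonstration key come from this page.

```javascript
// Hypothetical helpers (not BizKitHub code). Anchored pattern from the page's generation rules.
const KEY_RE = /^(PROD|DEV_|ROOT)([a-zA-Z0-9]{28})$/;
// Un-anchored variant for finding keys embedded in URLs or log lines.
// The lookarounds stop it matching inside a longer alphanumeric run.
const KEY_IN_TEXT_RE =
  /(?<![a-zA-Z0-9_])(PROD|DEV_|ROOT)[a-zA-Z0-9]{28}(?![a-zA-Z0-9])/g;

// Assumed labels, taken from the key type names on this page.
const KEY_TYPES = { PROD: 'production', DEV_: 'development', ROOT: 'system' };

// Returns { prefix, type, id } for a well-formed key, or null otherwise.
// null means "do not send the request"; a non-null result says nothing
// about whether the key exists, is active, or is authorized.
function parseKeyFormat(apiKey) {
  if (typeof apiKey !== 'string') return null;
  const m = KEY_RE.exec(apiKey);
  if (!m) return null;
  return { prefix: m[1], type: KEY_TYPES[m[1]], id: m[2] };
}

// Replace every key-shaped token with its prefix plus a mask, so the key
// type stays visible for debugging but the 28-character secret does not.
function redactKeys(text) {
  return String(text).replace(
    KEY_IN_TEXT_RE,
    (_match, prefix) => prefix + '*'.repeat(28)
  );
}

// Constructed sample log lines using the page's demonstration key.
const DEMO_KEY = 'PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE';
const sampleLog = [
  'GET /v1/users?apiKey=' + DEMO_KEY + ' 200',
  'POST /v1/users body={"apiKey":"' + DEMO_KEY + '"} 201',
  'GET /v1/PRODUCTS?page=2 200', // not a key: must be left untouched
];
sampleLog.map(redactKeys).forEach((line) => console.log(line));
```

Because keys travel in the query string or body, run a scrubber like redactKeys over request URLs and bodies before they reach any log sink or error report.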

Usage Examples

Query Parameter

GET https://api.bizkithub.com/v1/users?apiKey=PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE

Request Body (JSON)

POST https://api.bizkithub.com/v1/users
Content-Type: application/json

{
  "apiKey": "PRODPGrFxpGEtrOZfuWhnoJohUYBXuOE",
  "email": "user@example.com",
  "name": "John Doe"
}

JavaScript / Node.js

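// Build the URL with searchParams so the key is always encoded correctly.
// The key is read from the environment, never hard-coded.
const url = new URL('https://api.bizkithub.com/v1/users');
url.searchParams.set('apiKey', process.env.API_KEY);

const response = await fetch(url, {
  method: 'GET',
  headers: { 'Content-Type': 'application/json' }
});

// Fail on a non-2xx status; the message omits the URL because it holds the key.
if (!response.ok) {
  throw new Error(`Request failed with status ${response.status}`);
}

const data = await response.json();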

Ready to Get Started?

Manage your API keys in the BizKitHub admin dashboard. Create, rotate, and monitor your keys with full control.