API Armor

Authentication

Learn how to authenticate your API requests using Bearer tokens.

Overview

All API requests to API Shield must be authenticated using an API key. Authentication is handled using the Authorization header with a Bearer token.

Getting Your API Key

  1. Sign up for an account or log in
  2. Navigate to your Dashboard
  3. Go to the API Keys section
  4. Click "Create New API Key"
  5. Give your key a descriptive name (e.g., "Production Server", "Development")
  6. Copy and securely store your API key

Important

Your API key is shown only once during creation. Make sure to copy it and store it securely. If you lose it, you'll need to generate a new one.

Using Your API Key

Include your API key in the Authorization header of every request using the Bearer authentication scheme:

Authorization: Bearer aa_abc123xyz789

Example Requests

curl "https://bifrost.api-armor.com/v1/check?email=test@example.com" \
  -H "Authorization: Bearer aa_abc123xyz789"

Security Best Practices

1. Use Environment Variables

Never hardcode API keys in your source code. Use environment variables instead:

// ✅ Good - Read the key from an environment variable
const API_KEY = process.env.API_SHIELD_KEY;

// ❌ Bad - Hardcoded key (commented out so the snippet has a single declaration)
// const API_KEY = 'aa_abc123xyz789';

2. Keep Keys Secret

  • Never commit API keys to version control
  • Add .env to your .gitignore file
  • Don't expose keys in client-side code
  • Use server-side API calls only
  • Rotate keys periodically

Managing API Keys

Viewing Your Keys

In your Dashboard, you can:

  • View all active API keys
  • See when each key was created
  • Check last used date
  • Monitor usage per key

Revoking Keys

If a key is compromised or no longer needed:

  1. Go to your API Keys Dashboard
  2. Find the key you want to revoke
  3. Click the "Delete" or "Revoke" button
  4. Confirm the action

Important

Revoking a key immediately stops all requests using that key. Make sure to update your applications before revoking an active key.

Authentication Errors

Missing API Key

401 Unauthorized
{
  "error": "No API key provided",
  "message": "Please include your API key in the Authorization header"
}

Invalid API Key

401 Unauthorized
{
  "error": "Invalid API key",
  "message": "The provided API key is not valid"
}

Expired or Revoked Key

401 Unauthorized
{
  "error": "API key revoked",
  "message": "This API key has been revoked. Please generate a new one."
}
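
As an added example (not API Armor's own code), this Node.js helper reads the key from API_SHIELD_KEY as recommended above and maps the three documented 401 bodies to a next step. The function names and action labels are assumptions, and it needs Node 18+ for the global fetch.

```javascript
// Added example. The error strings are the ones documented on this page;
// function names and "action" labels are assumptions made for illustration.
const BASE_URL = 'https://bifrost.api-armor.com/v1/check';

// Read the key from the environment and fail fast if it is missing.
function buildAuthHeaders(env = process.env) {
  const key = (env.API_SHIELD_KEY || '').trim();
  if (!key) throw new Error('API_SHIELD_KEY is not set');
  return { Authorization: `Bearer ${key}` };
}

// Safe form for logs and error reports: never print the full key.
function redactKey(key) {
  return key.length <= 8 ? '****' : `${key.slice(0, 3)}****${key.slice(-4)}`;
}

// Map a status code and parsed JSON body to what the caller should do next.
function classifyAuthResponse(status, body) {
  if (status === 200) return { ok: true, action: 'none' };
  if (status !== 401) return { ok: false, action: 'not-an-auth-error' };
  switch (body && body.error) {
    case 'No API key provided': return { ok: false, action: 'fix-header' };
    case 'Invalid API key':     return { ok: false, action: 'check-configured-key' };
    case 'API key revoked':     return { ok: false, action: 'generate-new-key' };
    default:                    return { ok: false, action: 'unknown-401' };
  }
}

// Server-side call only; the key never reaches client-side code.
async function checkEmail(email, env = process.env) {
  const url = `${BASE_URL}?email=${encodeURIComponent(email)}`;
  const res = await fetch(url, { headers: buildAuthHeaders(env) });
  const body = await res.json().catch(() => null);
  const verdict = classifyAuthResponse(res.status, body);
  if (!verdict.ok) {
    const err = new Error(`API Armor request failed: ${verdict.action}`);
    err.status = res.status;
    err.keyHint = redactKey(env.API_SHIELD_KEY.trim()); // redacted, safe to log
    throw err;
  }
  return body;
}
```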

Testing Authentication

You can test your authentication setup with this simple request:

curl "https://bifrost.api-armor.com/v1/check?email=test@example.com" \
  -H "Authorization: Bearer aa_abc123xyz789" \
  -v

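A successful authentication will return a 200 OK status code. Verbose output (-v) includes the request headers, which can expose the Authorization header and your key, so redact it before sharing.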
