Authentication

All API requests require authentication using an HTTP header that must be included in every request.

Required Header

`X-API-Key`

Your unique API key that identifies and authenticates your application.

Type: String
Required: Yes
Location: HTTP Header

How to Authenticate

Include the header in every API request:

GET /v2/{endpoint}
X-API-Key: YOUR_API_KEY

Example Requests

JavaScript (Fetch)

const apiKey = 'YOUR_API_KEY';

fetch('https://api.betweenworlds.net/v2/items', {
  headers: {
    'X-API-Key': apiKey,
  },
})
  .then((response) => response.json())
  .then((data) => console.log(data));

cURL

curl -H "X-API-Key: YOUR_API_KEY" \
     https://api.betweenworlds.net/v2/items

Python

import requests

api_key = 'YOUR_API_KEY'

headers = {
    'X-API-Key': api_key
}

response = requests.get('https://api.betweenworlds.net/v2/items', headers=headers)
data = response.json()
print(data)

Error Responses

Missing Authentication

If you don't include the required authentication headers, you'll receive a 401 Unauthorized response:

401 Unauthorized

Invalid Credentials

If your API key or auth ID is invalid, you'll also receive a 401 Unauthorized response.

Best Practices

Keep credentials secure - Never expose your API key and auth ID in client-side code or public repositories
Use environment variables - Store credentials in environment variables, not hardcoded in your application
Implement server-side requests - Make API requests from your backend to keep credentials secure

Rate Limiting

Remember that all authenticated requests are subject to rate limiting of 100 requests per 15 minutes per IP address.

#Authentication

#Required Header

#X-API-Key

#How to Authenticate

#Example Requests

#JavaScript (Fetch)

#cURL

#Python

#Error Responses

#Missing Authentication

#Invalid Credentials

#Best Practices

#Rate Limiting