Authentication

Learn how to authenticate your API requests using API keys.

Important: Keep your API keys secure. Never share them publicly or commit them to version control.

API Key Authentication

The API uses API key authentication. You must include your API key in every authenticated request.

Getting an API Key

  1. Login to your Developer Portal
  2. Navigate to Settings → API Keys
  3. Click "Generate New API Key"
  4. Give your key a descriptive name
  5. Copy and save the key securely

Authentication Methods

You can include your API key in requests using one of three methods:

Method 1: Authorization Header (Recommended)

Include the API key in the Authorization header using the Bearer scheme:

curl -X GET "https://api.tksmods.in/apps" \
  -H "Authorization: Bearer YOUR_API_KEY"

Method 2: Custom Header

Use the custom X-API-Key header:

curl -X GET "https://api.tksmods.in/apps" \
  -H "X-API-Key: YOUR_API_KEY"

Method 3: Query Parameter

Include the API key as a query parameter (for testing only, not recommended for production):

curl -X GET "https://api.tksmods.in/apps?api_key=YOUR_API_KEY"
Security Warning: Using API keys in URLs (Method 3) is less secure as they may be logged in server logs or browser history. Use headers (Method 1 or 2) in production.

Example Requests

JavaScript (Fetch API)

const apiKey = 'your_api_key_here';
const baseUrl = 'https://api.tksmods.in';

fetch(`${baseUrl}/apps`, {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

PHP (cURL)

$apiKey = 'your_api_key_here';
$baseUrl = 'https://api.tksmods.in';

$ch = curl_init("$baseUrl/apps");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "Authorization: Bearer $apiKey",
    "Content-Type: application/json"
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
$data = json_decode($response, true);

curl_close($ch);
print_r($data);

Python (Requests)

import requests

api_key = 'your_api_key_here'
base_url = 'https://api.tksmods.in'

headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

response = requests.get(f'{base_url}/apps', headers=headers)
data = response.json()
print(data)

Authentication Errors

If authentication fails, you'll receive one of these error responses:

Missing API Key

{
  "success": false,
  "message": "API key required",
  "errors": [],
  "timestamp": 1234567890
}

HTTP Status: 401 Unauthorized

Invalid API Key

{
  "success": false,
  "message": "Invalid API key",
  "errors": [],
  "timestamp": 1234567890
}

HTTP Status: 401 Unauthorized

Suspended Account

{
  "success": false,
  "message": "Developer account is suspended",
  "errors": [],
  "timestamp": 1234567890
}

HTTP Status: 403 Forbidden

Best Practices

  • Store API keys in environment variables
  • Use different API keys for different applications
  • Rotate API keys regularly
  • Never commit API keys to version control
  • Use HTTPS for all API requests
  • Revoke compromised keys immediately
Tip: You can manage all your API keys, view usage statistics, and revoke keys from your Developer Portal.