Authentication

Learn how to authenticate with the soft.house API using API keys and OAuth.

API Keys

The simplest way to authenticate is using API keys. Get your key from the Dashboard.

Key Types

  • sk_test_... - Test mode keys for development
  • sk_live_... - Live mode keys for production

Using API Keys

Include your API key in the Authorization header:

request.sh 
curl https://api.soft.house/wishes \
  -H "Authorization: Bearer sk_test_..."

OAuth 2.1

For user-facing applications, use OAuth 2.1 to let users authorize your app. This provides access to user-specific resources.

oauth.ts 
// Redirect user to authorization
"token-keyword">const authUrl = soft.oauth.getAuthorizationUrl({
  client_id: 'your_client_id',
  redirect_uri: 'https://your-app.com/callback',
  scope: 'wishes:read wishes:write',
});

// Exchange code "token-keyword">for tokens(in your callback handler)
"token-keyword">const tokens = "token-keyword">await soft.oauth.exchangeCode({
  code: 'auth_code_from_callback',
  redirect_uri: 'https://your-app.com/callback',
});

Security Best Practices

  • Never expose API keys in client-side code
  • Use environment variables for key storage
  • Rotate keys regularly (90 days recommended)
  • Use test keys during development
  • Set up key permission scopes
← Quickstart API Reference →