API Key Authentication
API keys allow admins to access the API without Firebase. Perfect for external integrations, automation, and admin scripts.
Generating API Keys
Method 1: Using the Script (Recommended)
cd functions/api-standalone
export DATABASE_URL="your-database-url"
npm run generate-api-key -- [email protected]
Method 2: Via API
curl -X POST https://api.checkpoint.b-digital.uk/api/v1/api-keys/generate \
-H "Content-Type: application/json" \
-d '{"email": "[email protected]"}'
Method 3: Bulk Generation
# Generate for all users in a tenant
node scripts/generate-api-keys-bulk.js --tenant=KettleOrganisation
Using Your API Key
Include your API key in every request:
curl -X GET https://api.checkpoint.b-digital.uk/api/v1/participants \
-H "X-API-Key: YOUR_API_KEY_HERE"
Managing API Keys
Get Your Current API Key
curl -X GET https://api.checkpoint.b-digital.uk/api/v1/api-keys/my-key \
-H "X-API-Key: YOUR_API_KEY"
Regenerate Your API Key
curl -X POST https://api.checkpoint.b-digital.uk/api/v1/api-keys/regenerate \
-H "X-API-Key: YOUR_OLD_API_KEY" \
-H "Content-Type: application/json"
After regenerating, your old key will stop working immediately. Store the new key securely!
Revoke Your API Key
curl -X DELETE https://api.checkpoint.b-digital.uk/api/v1/api-keys/revoke \
-H "X-API-Key: YOUR_API_KEY"
Security Best Practices
- Store keys securely - Never commit to git
- Use environment variables - Store in
.env or Railway variables
- Rotate regularly - Regenerate keys periodically
- Revoke unused keys - Delete keys when no longer needed
