API Authentication

Learn how to authenticate with the RealmKit API using API keys, OAuth 2.0, or JWT tokens. Choose the method that best fits your use case.

Quick Reference

Most common authentication method for API access

API Key Authentication

Authorization: Bearer your-api-key-here

Free Tier: 100 requests/hour
With API Key: 1,000 requests/hour
Premium: 5,000 requests/hour

Authentication Methods

API Keys
Easy

Simple token-based authentication for server-to-server integrations

Best For

Backend services, automation scripts, CI/CD pipelines

Features

No expiration
Revocable
Scoped permissions
High rate limits

Setup Steps

  1. Sign in to your RealmKit account
  2. Go to Settings > API Keys
  3. Click "Generate New Key"
  4. Copy and store securely
  5. Use in Authorization header

OAuth 2.0
Medium

Standard OAuth flow for web applications and user authentication

Best For

Web applications, mobile apps, third-party integrations

Features

User consent
Temporary tokens
Refresh tokens
Secure delegation

Setup Steps

  1. Register your application
  2. Configure redirect URIs
  3. Implement OAuth flow
  4. Exchange code for token
  5. Use access token in requests

JWT Tokens
Easy

Temporary session tokens from web interface login

Best For

Web interface, temporary access, development testing

Features

Automatic expiration
User context
Browser-friendly
Quick setup

Setup Steps

  1. Sign in to RealmKit Hub
  2. Open browser dev tools
  3. Find JWT in localStorage
  4. Copy token value
  5. Use for temporary access

API Key Management

Create, manage, and secure your API keys

Creating API Keys

  1. Sign in to your RealmKit account
  2. Navigate to Settings → API Keys
  3. Click "Generate New Key"
  4. Add a descriptive name
  5. Select required scopes
  6. Copy and store the key securely

Key Format
rk_live_1234567890abcdef1234567890abcdef
Keys start with rk_live_ for production or rk_test_ for testing

Security Best Practices

✓ Do
  • Store keys in environment variables
  • Use different keys per environment
  • Rotate keys regularly
  • Use minimum required scopes
  • Monitor key usage

✗ Don't
  • Hard-code keys in source code
  • Share keys in public repositories
  • Use keys in client-side code
  • Grant excessive permissions
  • Ignore usage anomalies
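
Added example (not RealmKit's own code): a small Python check that applies the key format and the practices above. It finds hard-coded rk_live_/rk_test_ keys in text, redacts them in the findings, and checks that a key's prefix matches the environment. It assumes a key is the prefix plus 32 hex characters, as in the sample key; the function names, the "production" environment label and REALMKIT_API_KEY are hypothetical.

```python
import re

# Assumption: a key is the documented prefix plus 32 hex characters, as in the
# sample key on this page. Adjust the pattern if real keys differ.
KEY_RE = re.compile(r"\brk_(live|test)_[0-9a-f]{32}\b")

def redact(key):
    """Keep the prefix and last 4 characters so a finding can be traced to a key."""
    prefix, _, body = key.rpartition("_")
    return f"{prefix}_{'*' * (len(body) - 4)}{body[-4:]}"

def scan_text(text, path):
    """Return one finding per hard-coded key, with the key redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "env": m.group(1), "key": redact(m.group(0))})
    return findings

def check_key_for_env(key, environment):
    """Return a problem description, or None if the key fits the environment."""
    m = KEY_RE.fullmatch(key or "")
    if m is None:
        return "missing or malformed key"
    # Assumption: only "production" should ever use an rk_live_ key.
    expected = "live" if environment == "production" else "test"
    if m.group(1) != expected:
        return f"rk_{m.group(1)}_ key used in {environment}"
    return None

# Constructed sample input (the live key is the sample key from this page).
TEST_KEY = "rk_test_" + "ab" * 16
SAMPLE = "\n".join([
    "# constructed sample file",
    "import os",
    'API_KEY = "rk_live_1234567890abcdef1234567890abcdef"',
    'safe = os.environ["REALMKIT_API_KEY"]  # hypothetical variable name',
    f"AUTH = 'Bearer {TEST_KEY}'",
])

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "app.py"):
        print(finding)
    print(check_key_for_env(TEST_KEY, "production"))
```

Run scan_text over staged files in a pre-commit hook or CI job, and call check_key_for_env at service start-up before the first API request.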

Scopes & Permissions

Control what your API keys can access

  read:realms       Read realm metadata and listings
  download:realms   Download realm templates
  write:realms      Create and update realms
  delete:realms     Delete owned realms
  read:stats        Access platform statistics
  read:profile      Read user profile information
  write:profile     Update user profile

Principle of Least Privilege
Only grant the minimum scopes required for your application. You can always create additional keys with different permissions later.

Code Examples

Implementation examples in popular languages

cURL

curl "https://api.realmkit.com/v1/realms" \
  -H "Authorization: Bearer your-api-key-here"

JavaScript/TypeScript

Recommended
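// Read the key from the environment instead of hard-coding it
// (REALMKIT_API_KEY is an example variable name; server-side code only)
const apiKey = process.env.REALMKIT_API_KEY;

// Using fetch
const response = await fetch('https://api.realmkit.com/v1/realms', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});
if (!response.ok) {
  // 401, 403 and 429 land here; see Authentication Errors
  throw new Error(`RealmKit API request failed: ${response.status}`);
}

// Using the official SDK
import { RealmKit } from '@realmkit/sdk';

const client = new RealmKit({ apiKey });

const realms = await client.realms.list();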

Python

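# Using requests
import os
import requests

# Read the key from the environment instead of hard-coding it
# (REALMKIT_API_KEY is an example variable name)
api_key = os.environ['REALMKIT_API_KEY']

headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

response = requests.get('https://api.realmkit.com/v1/realms', headers=headers, timeout=10)
response.raise_for_status()  # raises on 401, 403 and 429

# Using the official SDK
from realmkit import RealmKit

client = RealmKit(api_key=api_key)
realms = client.realms.list()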

Go

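// Using net/http (also import "log" and "os")
// REALMKIT_API_KEY is an example variable name; keep the key out of source code
apiKey := os.Getenv("REALMKIT_API_KEY")

req, err := http.NewRequest(http.MethodGet, "https://api.realmkit.com/v1/realms", nil)
if err != nil {
	log.Fatal(err)
}
req.Header.Set("Authorization", "Bearer "+apiKey)
req.Header.Set("Content-Type", "application/json")

client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
	log.Fatal(err)
}
defer resp.Body.Close()

// Using the official SDK
import "github.com/realmkit/go-sdk"

rk := realmkit.New(apiKey)
realms, err := rk.Realms.List(context.Background())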

Authentication Errors

Common authentication issues and solutions

401 Unauthorized

Missing, invalid, or expired authentication credentials.

  • Check that your API key is correct
  • Ensure the Authorization header is properly formatted
  • Verify the key hasn't been revoked

403 Forbidden

Valid authentication but insufficient permissions.

  • Check that your key has the required scopes
  • Ensure you're accessing permitted resources
  • Contact support if you need additional permissions

429 Rate Limited

Too many requests in a given timeframe.

  • Implement exponential backoff
  • Check rate limit headers
  • Consider upgrading to higher limits