API Authentication
Learn how to authenticate your requests to the Helmbay API.
Authentication Methods
API Key
Use API keys for server-to-server authentication
curl -H "Authorization: Bearer your-api-key" \
https://api.helmbay.com/v1/repositoriesOAuth2
Use OAuth2 for third-party application integration
curl -H "Authorization: Bearer oauth-token" \
https://api.helmbay.com/v1/repositoriesAPI Key Authentication
Generate API Key
Create a new API key in the dashboard
- 1. Navigate to Account Settings
- 2. Select API Keys tab
- 3. Click "Generate New Key"
- 4. Set key name and permissions
- 5. Copy and securely store the key
Use API Key
Include the API key in request headers
- 1. Add Authorization header
- 2. Use Bearer authentication scheme
- 3. Include API key as token
OAuth2 Authentication
1
Authorization Request
Redirect user to authorization endpoint
https://helmbay.com/oauth/authorize?
client_id=your-client-id
&redirect_uri=https://your-app.com/callback
&response_type=code
&scope=repo:read repo:write 2
Exchange Code
Exchange authorization code for access token
curl -X POST https://helmbay.com/oauth/token \
-d client_id=your-client-id \
-d client_secret=your-client-secret \
-d code=authorization-code \
-d grant_type=authorization_code 3
Use Access Token
Include access token in API requests
curl -H "Authorization: Bearer access-token" \
https://api.helmbay.com/v1/repositoriesAvailable Scopes
| Scope | Description |
|---|---|
repo:read | Read access to repositories |
repo:write | Write access to repositories |
team:read | Read access to teams |
team:write | Write access to teams |
org:read | Read access to organizations |
org:write | Write access to organizations |
Security Best Practices
API Key Security
- Never share API keys
- Use environment variables
- Rotate keys regularly
- Use minimal required permissions
OAuth Security
- Validate redirect URIs
- Use state parameter
- Implement PKCE
- Secure client secrets
Next Steps
Now that you understand authentication, explore the available API endpoints.