API Authentication
All API requests to SilentShield require authentication. There are two authentication methods depending on the endpoint.
API Key Authentication
Most endpoints use API key authentication via the X-Api-Key header. Your API key is available in the dashboard under API Keys.
X-Api-Key: your-api-key-here
Use this method for: Widget endpoints, nonce verification, and public-facing API calls.
JWT Authentication
Dashboard and management endpoints use JWT (JSON Web Token) authentication. Obtain a token by logging in via the auth endpoint.
POST /api/v1/auth/login
Request Body:
{"email": "[email protected]", "password": "your-password"}
Response:
{"token": "eyJhbGciOiJIUzI1NiIs...", "expiresIn": 86400}
Send the token in the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Use this method for: Management endpoints, analytics queries, team management, and account settings.
Authentication Errors
| Status | Error | Solution |
|---|---|---|
| 401 | missing credentials | Add the X-Api-Key or Authorization header. |
| 401 | invalid_api_key | Check that your API key is correct and active. |
| 401 | token_expired | Your JWT has expired. Request a new token via /api/v1/auth/login. |
| 403 | insufficient_permissions | Your role does not have access to this endpoint. |
Rate Limits
API requests are rate-limited per IP address. The default limit is 60 requests per minute for management endpoints and 1000 requests per minute for widget endpoints. Rate limit headers are included in every response.
X-RateLimit-Limit
X-RateLimit-Remaining
X-RateLimit-Reset
Retry-After (only on 429)
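One way a management client can combine the JWT lifetime, the token_expired error and the 429 Retry-After header described above; this is an added example, not SilentShield's own code. The transport callable, the fake_transport helper, the {"error": ...} body shape, a 200 status on login, and reading expiresIn and Retry-After as seconds are assumptions.

```python
import time

class SilentShieldSession:
    """Caches the management JWT and reacts to the documented 401/403/429 responses."""

    def __init__(self, transport, email, password, clock=time.time, sleep=time.sleep):
        # transport is a hypothetical callable:
        # (method, path, headers, body) -> (status, response_headers, json_body)
        self.transport = transport
        self.email, self.password = email, password
        self.clock, self.sleep = clock, sleep
        self.token, self.expires_at = None, 0.0

    def _login(self):
        status, _, body = self.transport("POST", "/api/v1/auth/login", {},
                                         {"email": self.email, "password": self.password})
        if status != 200:  # assumed success status
            raise PermissionError(f"login failed with HTTP {status}")
        self.token = body["token"]
        # Assumes expiresIn is in seconds; refresh 60 s early so a token
        # never expires while a request is in flight.
        self.expires_at = self.clock() + body["expiresIn"] - 60

    def request(self, method, path, body=None, max_attempts=3):
        for _ in range(max_attempts):
            if self.token is None or self.clock() >= self.expires_at:
                self._login()
            status, headers, data = self.transport(
                method, path, {"Authorization": f"Bearer {self.token}"}, body)
            if status == 401 and data.get("error") == "token_expired":
                self.token = None  # server rejected the token: log in again, retry
                continue
            if status == 429:
                # Back off for the interval the server asked for (assumed seconds).
                self.sleep(int(headers.get("Retry-After", "1")))
                continue
            if status in (401, 403):
                # invalid credentials or insufficient_permissions: retrying cannot help
                raise PermissionError(data.get("error", "unauthorized"))
            return data
        raise RuntimeError("gave up after repeated token_expired/429 responses")

def fake_transport(script):
    """Constructed stand-in for HTTP: replays scripted (status, headers, json) replies."""
    calls = []
    def send(method, path, headers, body):
        calls.append((method, path, headers))
        return script.pop(0)
    return send, calls
```

The bounded retry count keeps a persistently rate-limited or misconfigured client from looping against the login endpoint.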