C
CoderspaE/Documentation
Get API Key

Authentication

Learn how to authenticate with the CoderspaE API using API keys, OAuth, and session management for secure access to platform features.

Authentication Methods

CoderspaE supports multiple authentication methods to suit different use cases and security requirements.

Available Methods

  • • API Keys - For server-to-server and CLI access
  • • OAuth 2.0 - For third-party applications
  • • JWT Tokens - For web applications
  • • Session Cookies - For browser-based access
  • • Personal Access Tokens - For automated workflows

API Keys

Creating API Keys

API keys provide secure, programmatic access to the CoderspaE platform:

1. Log in to your CoderspaE dashboard
2. Navigate to Settings → API Keys
3. Click "Create New API Key"
4. Configure permissions and scope:
   - Read access: View problems, submissions, leaderboards
   - Write access: Submit solutions, create battles
   - Admin access: Manage tournaments, user data
5. Copy and securely store your API key

Using API Keys

HTTP Headers

# Using Authorization header (recommended)
curl -H "Authorization: Bearer your-api-key" \
     https://api.coderspae.com/v1/profile

# Using custom header
curl -H "X-API-Key: your-api-key" \
     https://api.coderspae.com/v1/profile

JavaScript SDK

import { CoderspaE } from '@coderspae/sdk';

const client = new CoderspaE({
  apiKey: process.env.CODERSPAE_API_KEY,
  environment: 'production' // or 'sandbox'
});

// All requests will be authenticated
const profile = await client.users.getProfile();

Python SDK

import coderspae
import os

client = coderspae.Client(
    api_key=os.getenv('CODERSPAE_API_KEY'),
    environment='production'
)

# All requests will be authenticated
profile = client.users.get_profile()

OAuth 2.0 Integration

OAuth Flow

Use OAuth 2.0 for applications that need to act on behalf of users:

# Step 1: Register your application
1. Go to Settings → OAuth Applications
2. Click "Create New Application"
3. Configure:
   - Application name
   - Homepage URL
   - Authorization callback URL
4. Note your Client ID and Client Secret

Authorization Code Flow

# Step 1: Redirect user to authorization URL
https://coderspae.com/oauth/authorize?
  client_id=your-client-id&
  redirect_uri=https://yourapp.com/callback&
  response_type=code&
  scope=read:profile+write:battles&
  state=random-state-string

# Step 2: Exchange code for token
curl -X POST https://api.coderspae.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your-client-id",
    "client_secret": "your-client-secret",
    "code": "authorization-code",
    "redirect_uri": "https://yourapp.com/callback",
    "grant_type": "authorization_code"
  }'

Security Best Practices

🔐 Token Security

  • • Store tokens securely (environment variables, secure vaults)
  • • Use HTTPS for all API communications
  • • Implement token rotation and refresh logic
  • • Monitor for unusual authentication patterns

📊 Monitoring

  • • Log authentication events and failures
  • • Set up alerts for suspicious activity
  • • Monitor API key usage and quotas
  • • Regular security audits of access tokens