Skip to main content

Overview

The PulseGuard API uses Bearer token authentication. You can obtain an API key from your dashboard or use Clerk JWT tokens for authenticated requests.

Authentication Methods

API Key Authentication

Include your API key in the Authorization header: 
curl -X GET "https://api.ipulse.one/api/domains" \
  -H "Authorization: Bearer YOUR_API_KEY"

JWT Token Authentication

Use Clerk JWT tokens for user-specific requests: 
curl -X GET "https://api.ipulse.one/api/domains" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

API Key Management

Create API Key

POST /api-keys
Authorization: Bearer YOUR_JWT_TOKEN
Content-Type: application/json

{
  "name": "Production API Key",
  "permissions": ["domains:read", "domains:write"],
  "expires_at": "2024-12-31T23:59:59Z"
}

List API Keys

GET /api-keys
Authorization: Bearer YOUR_JWT_TOKEN

Delete API Key

DELETE /api-keys/{keyId}
Authorization: Bearer YOUR_JWT_TOKEN

Rate Limits

  • GET requests: 1000 per hour per API key
  • POST/PUT/DELETE: 100 per hour per API key
  • Bulk operations: 10 per hour per API key
Rate limit headers are included in all responses: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

Error Responses

401 Unauthorized

{
  "error": "UNAUTHORIZED",
  "message": "Invalid or missing authentication token"
}

429 Too Many Requests

{
  "error": "RATE_LIMIT_EXCEEDED",
  "message": "API rate limit exceeded",
  "retry_after": 3600
}

Best Practices

  1. Secure Storage: Store API keys securely, never in version control
  2. Regular Rotation: Rotate API keys regularly for security
  3. Minimal Permissions: Use the principle of least privilege
  4. Monitor Usage: Track API usage to detect abuse
  5. Error Handling: Implement proper error handling for rate limits