Skip to main content

API key authentication

Business API routes under /api/v1 are protected with an API‑key–based middleware (APIKeyAuth) that verifies requests using a hashed key and encrypted digest stored in the developer_app_details (or equivalent) table. Send your key using the Authorization header with Bearer token:
curl -X GET https://api.dragdropdo.com/api/v1/status/task_abc123 \
  -H "Authorization: Bearer d3_live_xxx"
import { Dragdropdo } from "dragdropdo-sdk";

const client = new Dragdropdo({
  apiKey: "d3_live_xxx",
  baseURL: "https://api.dragdropdo.com",
});

// API key is automatically included in all requests
from dragdropdo_sdk import Dragdropdo, D3ClientConfig

client = Dragdropdo(
    api_key="d3_live_xxx",
    base_url="https://api.dragdropdo.com"
)

# API key is automatically included in all requests
use DragdropdoSdk\Dragdropdo;

$client = new Dragdropdo([
    'api_key' => 'd3_live_xxx',
    'base_url' => 'https://api.dragdropdo.com',
]);

// API key is automatically included in all requests
require 'dragdropdo_sdk'

client = DragdropdoSdk::Dragdropdo.new(
  api_key: 'd3_live_xxx',
  base_url: 'https://api.dragdropdo.com'
)

# API key is automatically included in all requests
import "github.com/d3/dragdropdo-sdk-go"

client, _ := d3.NewDragdropdo(d3.Config{
    APIKey:  "d3_live_xxx",
    BaseURL: "https://api.dragdropdo.com",
});

// API key is automatically included in all requests
import com.dragdropdo.sdk.Dragdropdo;
import com.dragdropdo.sdk.DragdropdoConfig;

Dragdropdo client = new Dragdropdo(
    new DragdropdoConfig("d3_live_xxx")
        .setBaseUrl("https://api.dragdropdo.com")
);

// API key is automatically included in all requests
Under the hood the middleware:
  1. Looks up the stored record by API key prefix or mapping.
  2. Decrypts the stored digest using AES.
  3. Recomputes the hash using (digest + provided_api_key).
  4. Compares it with the stored hash and verifies ExpireAt / IsActive.
If the key is invalid or expired, the request is rejected with an authentication error.

Generating API keys

API keys are generated through the D3 dashboard:
  1. Sign in to your account at dragdropdo.com/auth/signin
  2. Navigate to your Account section
  3. Go to the Generate API Key section
  4. Create a new API key with a descriptive name
  5. Copy and securely store your API key
Once you have your API key, you can use it to initialize the client:
import { Dragdropdo } from "dragdropdo-sdk";

const client = new Dragdropdo({
apiKey: "d3_live_xxx", // Your API key from the dashboard
baseURL: "https://api.dragdropdo.com",
});

from dragdropdo_sdk import Dragdropdo, D3ClientConfig

client = Dragdropdo(
    api_key="d3_live_xxx",  # Your API key from the dashboard
    base_url="https://api.dragdropdo.com"
)
use DragdropdoSdk\Dragdropdo;

$client = new Dragdropdo([
    'api_key' => 'd3_live_xxx', // Your API key from the dashboard
    'base_url' => 'https://api.dragdropdo.com',
]);
require 'dragdropdo_sdk'

client = DragdropdoSdk::Dragdropdo.new(
  api_key: 'd3_live_xxx', # Your API key from the dashboard
  base_url: 'https://api.dragdropdo.com'
)
import "github.com/d3/dragdropdo-sdk-go"

client, _ := d3.NewDragdropdo(d3.Config{
    APIKey:  "d3_live_xxx", // Your API key from the dashboard
    BaseURL: "https://api.dragdropdo.com",
});
import com.dragdropdo.sdk.Dragdropdo;
import com.dragdropdo.sdk.DragdropdoConfig;

Dragdropdo client = new Dragdropdo(
    new DragdropdoConfig("d3_live_xxx") // Your API key from the dashboard
        .setBaseUrl("https://api.dragdropdo.com")
);