Skip to main content

API key authentication

Business API routes under /v1/biz are protected with an API‑key–based middleware (APIKeyAuth) that verifies requests using a hashed key and encrypted digest stored in the developer_app_details (or equivalent) table. Send your key using the Authorization header with Bearer token: 
curl -X GET https://api.dragdropdo.com/v1/biz/status/task_abc123 \
  -H "Authorization: Bearer d3_live_xxx"
Under the hood the middleware:
  1. Looks up the stored record by API key prefix or mapping.
  2. Decrypts the stored digest using AES.
  3. Recomputes the hash using (digest + provided_api_key).
  4. Compares it with the stored hash and verifies ExpireAt / IsActive.
If the key is invalid or expired, the request is rejected with an authentication error.

Generating API keys

API keys are generated through the D3 dashboard:
  1. Sign in to your account at dragdropdo.com/auth/signin
  2. Navigate to your Account section
  3. Go to the Generate API Key section
  4. Create a new API key with a descriptive name
  5. Copy and securely store your API key
Once you have your API key, you can use it to initialize the client: 
import { Dragdropdo } from "dragdropdo-sdk";

const client = new Dragdropdo({
apiKey: "d3_live_xxx", // Your API key from the dashboard
baseURL: "https://api.dragdropdo.com",
});