Authentication

All API requests to CastleBreaker require authentication using an API key.

Getting Your API Key

1. Log in to your CastleBreaker dashboard
2. Navigate to the API Keys section
3. Generate a new API key or copy your existing key

Warning: Keep your API key secure and never share it publicly or commit it to version control.

Using Your API Key

Include your API key in every request using the X-API-Key header:

curl -X GET "https://castlebreaker.cc/balance" \
  -H "X-API-Key: YOUR_API_KEY"

Authentication Methods

Header Authentication (Recommended)

GET /balance HTTP/1.1
Host: castlebreaker.cc
X-API-Key: your_api_key_here

Alternative: Authorization Header

You can also use the standard Authorization header:

GET /balance HTTP/1.1
Host: castlebreaker.cc
Authorization: Bearer your_api_key_here

Security Best Practices

1. Rotate Keys Regularly - Generate new keys periodically
2. Use Environment Variables - Store keys in environment variables, not in code
3. Monitor Usage - Check your dashboard regularly for unusual activity
4. Separate Keys - Use different keys for development and production

Example Code

Python

import requests

API_KEY = "your_api_key_here"
headers = {"X-API-Key": API_KEY}

response = requests.get(
    "https://castlebreaker.cc/balance",
    headers=headers
)

print(response.json())

Node.js

const fetch = require('node-fetch');

const API_KEY = 'your_api_key_here';

fetch('https://castlebreaker.cc/balance', {
  headers: {
    'X-API-Key': API_KEY
  }
})
  .then(res => res.json())
  .then(data => console.log(data));

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "status": "error",
  "message": "Invalid or missing API key"
}

Rate Limits

• No hard rate limits
• Fair usage policy applies
• Excessive requests may be throttled

---

Next Steps: Check out the Quick Start Guide to make your first API call.