Authentication
The Secberus Compliance Service API uses API key authentication. All API requests (except the healthcheck endpoint) require a valid API key.
Obtaining an API Key
Contact Secberus at [email protected] to request an API key.
Using Your API Key
Include your API key in the authorization header of each request. Pass the API key directly as the header value.
Header Format
authorization: YOUR_API_KEYExample Request
curl -H "authorization: YOUR_API_KEY" \
https://compliance.secberus.ai/v1/frameworksExample with Environment Variable
For security, store your API key in an environment variable:
# Set your API key
export SECBERUS_API_KEY="your-api-key-here"
# Make authenticated requests
curl -H "authorization: $SECBERUS_API_KEY" \
https://compliance.secberus.ai/v1/frameworksAuthentication Errors
If authentication fails, the API returns a 403 Forbidden response:
{
"requestid": "abc123",
"http_status": 403,
"title": "Forbidden",
"detail": "Invalid or missing API key"
}Common Authentication Issues
| Issue | Solution |
|---|---|
Missing authorization header | Include the header in your request |
| Invalid API key | Verify your API key is correct |
| Expired API key | Contact support to renew your key |
Security Best Practices
- Never commit API keys to version control - Use environment variables or secret management tools
- Rotate keys periodically - Request new keys and retire old ones
- Use HTTPS only - All API requests must use HTTPS (HTTP requests are not supported)
- Limit key exposure - Only share keys with systems that need them
Updated 1 day ago