Authentication

Learn how to authenticate your API requests using API keys. All API endpoints require authentication to ensure secure access to your data.

Getting an API Key

To use the MySSL API, you'll need to create an API key from your dashboard:

  1. Log in to your MySSL Dashboard
  2. Navigate to Settings
  3. Click on the "API Keys" section
  4. Click "Create New API Key"
  5. Give your key a descriptive name (e.g., "Production Server", "CI/CD Pipeline")
  6. Copy and securely store your API key

Important Security Notice

Your API key is displayed only once when created. Store it securely immediately. If you lose it, you'll need to create a new key.

API Key Format

MySSL API keys follow a specific format for easy identification:

myssl_k_<random_string>

Example: myssl_k_a1b2c3d4e5f6g7h8i9j0...

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer token scheme:

HTTP Header 
Authorization: Bearer myssl_k_your_api_key_here

Example Requests

cURL

Bash 
curl -X GET https://myssl.info/api/v1/domains \
  -H "Authorization: Bearer myssl_k_your_api_key_here" \
  -H "Content-Type: application/json"

Python

Python 
import requests

api_key = "myssl_k_your_api_key_here"
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

response = requests.get(
    "https://myssl.info/api/v1/domains",
    headers=headers
)
print(response.json())

JavaScript (Node.js)

JavaScript 
const apiKey = "myssl_k_your_api_key_here";

const response = await fetch("https://myssl.info/api/v1/domains", {
    method: "GET",
    headers: {
        "Authorization": `Bearer ${apiKey}`,
        "Content-Type": "application/json"
    }
});

const data = await response.json();
console.log(data);

Authentication Errors

When authentication fails, the API returns one of the following error responses:

401 Unauthorized

Returned when no API key is provided or the key format is invalid.

Response 
{
  "error": "Authentication required",
  "message": "Please provide a valid API key in the Authorization header"
}
401 Invalid API Key

Returned when the provided API key doesn't exist or has been revoked.

Response 
{
  "error": "Invalid API key",
  "message": "The provided API key is invalid or has been revoked"
}
403 Forbidden

Returned when the API key is valid but doesn't have permission for the requested resource.

Response 
{
  "error": "Access denied",
  "message": "Your API key doesn't have permission for this resource"
}

API Key Management

You can manage your API keys from the dashboard. Each key can be:

Named

Give each key a descriptive name to identify its purpose.

Tracked

View last used timestamp and request counts per key.

Regenerated

Generate a new key while keeping the same name and settings.

Revoked

Immediately disable a key if it's compromised.

Tip: Create separate API keys for different environments (development, staging, production) to track usage and limit blast radius if a key is compromised.

Security Best Practices

1

Never expose keys in client-side code

API keys should only be used in server-side code. Never include them in JavaScript running in the browser, mobile apps, or any client-facing code.

2

Use environment variables

Store your API keys in environment variables or secure secret management systems. Never commit them to version control.

Bash 
export MYSSL_API_KEY="myssl_k_your_key_here"
3

Rotate keys periodically

Regularly rotate your API keys, especially for production environments. Create a new key, update your applications, then revoke the old one.

4

Monitor API key usage

Regularly check the usage statistics for your API keys in the dashboard. Unusual activity may indicate a compromised key.

5

Revoke compromised keys immediately

If you suspect a key has been compromised, revoke it immediately from the dashboard. The key will be disabled instantly.

Next Steps

Now that you understand authentication, learn about rate limits or start making API requests.

Rate Limits Domains API