Authentication
All API requests require authentication using a Bearer token.
Getting Your API Key
- Visit the API Key Management Page
- Generate your unique API key
Usage
Add to your request headers:
Authorization: Bearer YOUR_API_KEY
Security Notice
- Keep your API key secure and never share it
- Rotate your keys periodically
- Reset your key immediately if compromised
Implementation Guide
Basic Usage
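// Placeholder only: in real code, load the key from the environment (see Key Storage below)
const API_KEY = "your_api_key_here";
async function callApi(endpoint, data) {
  const response = await fetch(`https://deepseekapiio.erweima.ai${endpoint}`, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${API_KEY}`,
    },
    body: JSON.stringify(data),
  });
  // Surface HTTP errors (e.g. 401 for a bad key) instead of parsing an error body as a result
  if (!response.ok) {
    throw new Error(`Request failed: ${response.status} ${response.statusText}`);
  }
  return response.json();
}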
Secure Key Management
// Environment-based configuration
class ApiConfig {
  constructor() {
    this.apiKey = process.env.API_KEY;
    this.environment = process.env.NODE_ENV;
    this.baseUrl = this.getBaseUrl();
  }
  getBaseUrl() {
    return "https://deepseekapiio.erweima.ai";
  }
  validateConfig() {
    if (!this.apiKey) {
      throw new Error("API key not configured");
    }
  }
}
Best Practices
1. Key Storage
- Never hardcode API keys in your code
- Use environment variables or secure key management systems
- Keep different keys for development and production
// Using environment variables
require("dotenv").config();
const apiKey = process.env.DEEPSEEKAPI_API_KEY;
if (!apiKey) {
  throw new Error("API key not found in environment");
}
2. Key Rotation
class KeyManager {
  constructor() {
    this.lastRotation = new Date();
    this.rotationInterval = 90 * 24 * 60 * 60 * 1000; // 90 days
  }
  async checkRotation() {
    const now = new Date();
    if (now - this.lastRotation > this.rotationInterval) {
      await this.rotateKey();
    }
  }
  async rotateKey() {
    // Implement key rotation logic
    console.log("Rotating API key...");
    this.lastRotation = new Date();
  }
}
3. Request Authentication
class AuthenticatedRequest {
  constructor(apiKey) {
    this.apiKey = apiKey;
    this.headers = this.getHeaders();
  }
  getHeaders() {
    return {
      "Content-Type": "application/json",
      Authorization: `Bearer ${this.apiKey}`,
    };
  }
  async send(endpoint, method = "GET", data = null) {
    const options = {
      method,
      headers: this.headers,
      ...(data && { body: JSON.stringify(data) }),
    };
    const response = await fetch(endpoint, options);
    if (!response.ok) {
      // AuthError is defined in the Error Handling section
      throw new AuthError(response.status, response.statusText);
    }
    return response.json();
  }
}
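The `send()` method above attaches the Authorization header to whatever URL it is given. The following is an added example, not code from the original documentation, that builds the `fetch` arguments only when the endpoint resolves to the API origin used on this page, and masks the key for log output. The names `ALLOWED_ORIGIN`, `buildAuthorizedRequest` and `redactKey` are hypothetical.

```javascript
// Added example (hypothetical names). The origin is the base URL used on this page.
const ALLOWED_ORIGIN = "https://deepseekapiio.erweima.ai";

// Mask a key for log lines: keep only the last 4 characters for correlation.
function redactKey(key) {
  if (typeof key !== "string" || key.length < 8) return "****";
  return `****${key.slice(-4)}`;
}

// Build fetch() arguments, attaching the Bearer header only for ALLOWED_ORIGIN.
function buildAuthorizedRequest(apiKey, endpoint, data = null) {
  if (!apiKey) throw new Error("API key not configured");
  // A key with whitespace or line breaks would produce a malformed header.
  if (/\s/.test(apiKey)) throw new Error("API key contains whitespace");

  // Resolve relative paths against the API origin; absolute URLs keep their own origin.
  const url = new URL(endpoint, ALLOWED_ORIGIN);
  if (url.origin !== ALLOWED_ORIGIN) {
    // Covers other hosts, protocol-relative URLs and http:// downgrades.
    throw new Error(`Refusing to send API key to ${url.origin}`);
  }

  return {
    url: url.href,
    options: {
      method: data ? "POST" : "GET",
      redirect: "error", // fail instead of following a redirect with the key attached
      headers: {
        "Content-Type": "application/json",
        Authorization: `Bearer ${apiKey}`,
      },
      ...(data && { body: JSON.stringify(data) }),
    },
  };
}
```

Pass the result to `fetch(req.url, req.options)`, and use `redactKey()` wherever a key would otherwise appear in a log message.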
Security Recommendations
- Access Control
  - Implement proper role-based access control
  - Limit API key permissions based on needs
  - Monitor and log API key usage
- Key Protection
  - Use secure storage solutions
  - Encrypt keys at rest
  - Implement key expiration policies
- Monitoring
  - Track API key usage patterns
  - Set up alerts for suspicious activity
  - Log authentication failures
Error Handling
class AuthError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
    this.name = "AuthError";
  }
}
function handleAuthError(error) {
  if (error.status === 401) {
    console.error("Invalid or expired API key");
    // Implement your error handling logic
  }
}
Pro Tip
Regularly audit your API key usage and implement automated key rotation to maintain security. Consider using a secrets management service for production environments.