Authentication

DevPlace accepts four interchangeable authentication methods. The website uses the
session cookie; the other three authenticate any request - any page or action -
without a browser login, ideal for scripts and automation. See
Conventions & Errors for the base URL, request bodies,
content negotiation, pagination, and status codes that every endpoint shares.

You are not logged in. Examples below use placeholders. Log in and
reload this page to see ready-to-copy examples with your own API key.

Your API key is a UUID shown on your profile page.
You can regenerate it there at any time; the previous key stops working immediately.

The interactive panels throughout the API reference pre-fill your API
key, so you can run user-level calls directly from these pages. Vote, reaction, bookmark, and
poll endpoints require an X-Requested-With: fetch header to return JSON instead of a
redirect; the panels and generated snippets add it automatically.

1. Session cookie

The website signs you in with a session cookie after you log in. Browsers send it
automatically - nothing to configure.

2. X-API-KEY header

Send your API key in the X-API-KEY header:

curl -H "X-API-KEY: YOUR_API_KEY" \
  https://devplace.net/notifications

3. Bearer token

The same API key also works as a Bearer token, supported out of the box by many HTTP clients:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://devplace.net/notifications

4. HTTP Basic

Authenticate with your username (or email) and password. curl -u base64-encodes
the credentials for you:

curl -u YOUR_USERNAME:YOUR_PASSWORD \
  https://devplace.net/notifications

This sends an Authorization: Basic base64(username:password) header. You can also
build the header yourself:

curl -H "Authorization: Basic $(printf '%s' 'YOUR_USERNAME:YOUR_PASSWORD' | base64)" \
  https://devplace.net/notifications

Performing actions

The same methods work on POST actions. For example, follow another user:

curl -X POST -H "X-API-KEY: YOUR_API_KEY" \
  https://devplace.net/follow/SOME_USERNAME

Create a post:

curl -X POST -H "X-API-KEY: YOUR_API_KEY" \
  -d "topic=devlog" -d "title=Hello" -d "content=Posted from a script" \
  https://devplace.net/posts/create

Errors

Invalid credentials make protected endpoints respond with 401 Unauthorized. Requests
with no credentials are treated as anonymous, and protected actions redirect to the login
page as in the browser. The full status-code and error-shape reference lives in
Conventions & Errors.