API Authentication

Attainment Tracker provides both REST and WebSocket APIs for integration with your existing systems. This guide covers authentication methods and best practices.

Authentication Methods

API Keys

Best for server-to-server integrations.

curl -X GET https://api.swiptools.com/v1/cells \
  -H "Authorization: Bearer YOUR_API_KEY"

OAuth 2.0

Best for user-facing applications.

1. Redirect user to authorization URL
2. Receive authorization code
3. Exchange code for access token
4. Use access token for API requests

Generating API Keys

1. Navigate to Settings → API Keys
2. Click Generate New Key
3. Select permissions:
   • read:cells - View cell data
   • write:cells - Update cell configuration
   • read:production - Access production data
   • read:analytics - Access analytics and reports
4. Set expiration (optional)
5. Copy and securely store your key

⚠️ Important: API keys are shown only once. Store them securely.

Rate Limits

Plan	Requests/minute	WebSocket connections
Starter	100	5
Professional	1,000	25
Enterprise	10,000	Unlimited

Rate limit headers are included in all responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1704067200

WebSocket Authentication

Connect to the WebSocket endpoint with your API key:

const ws = new WebSocket('wss://api.swiptools.com/v1/stream');

ws.onopen = () => {
  ws.send(JSON.stringify({
    type: 'authenticate',
    apiKey: 'YOUR_API_KEY'
  }));
};

ws.onmessage = (event) => {
  const data = JSON.parse(event.data);
  console.log('Received:', data);
};

Security Best Practices

1. Never expose API keys in client-side code
2. Rotate keys regularly (every 90 days recommended)
3. Use minimum required permissions
4. Monitor API usage for anomalies
5. Use environment variables for key storage

Error Responses

Code	Meaning
401	Invalid or missing API key
403	Insufficient permissions
429	Rate limit exceeded

Support

Having trouble with authentication? Contact our support team or check the troubleshooting guide.