API
API Authentication
Learn how to authenticate with Attainment Tracker's REST and WebSocket APIs.
Attainment Tracker provides both REST and WebSocket APIs for integration with your existing systems. This guide covers authentication methods and best practices.
Authentication Methods
API Keys
Best for server-to-server integrations.
curl -X GET https://api.swiptools.com/v1/cells \
-H "Authorization: Bearer YOUR_API_KEY"
OAuth 2.0
Best for user-facing applications.
- Redirect user to authorization URL
- Receive authorization code
- Exchange code for access token
- Use access token for API requests
Generating API Keys
- Navigate to Settings → API Keys
- Click Generate New Key
- Select permissions:
read:cells- View cell datawrite:cells- Update cell configurationread:production- Access production dataread:analytics- Access analytics and reports
- Set expiration (optional)
- Copy and securely store your key
⚠️ Important: API keys are shown only once. Store them securely.
Rate Limits
| Plan | Requests/minute | WebSocket connections |
|---|---|---|
| Starter | 100 | 5 |
| Professional | 1,000 | 25 |
| Enterprise | 10,000 | Unlimited |
Rate limit headers are included in all responses:
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1704067200
WebSocket Authentication
Connect to the WebSocket endpoint with your API key:
const ws = new WebSocket('wss://api.swiptools.com/v1/stream');
ws.onopen = () => {
ws.send(JSON.stringify({
type: 'authenticate',
apiKey: 'YOUR_API_KEY'
}));
};
ws.onmessage = (event) => {
const data = JSON.parse(event.data);
console.log('Received:', data);
};
Security Best Practices
- Never expose API keys in client-side code
- Rotate keys regularly (every 90 days recommended)
- Use minimum required permissions
- Monitor API usage for anomalies
- Use environment variables for key storage
Error Responses
| Code | Meaning |
|---|---|
| 401 | Invalid or missing API key |
| 403 | Insufficient permissions |
| 429 | Rate limit exceeded |
Support
Having trouble with authentication? Contact our support team or check the troubleshooting guide.