Authentication
How to authenticate your API requests.
API Coming Soon
Authentication details will be finalized when the API launches.
API Keys
All API requests require authentication via API keys.
Getting an API Key
- Go to Dashboard > Settings > API
- Click Generate API Key
- Give your key a descriptive name
- Copy and securely store your key
Important: API keys are only shown once. Store them securely.
Using Your API Key
Include your API key in the Authorization header:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://tabletopleague.com/api/v1/competitions
Or as a query parameter (not recommended for production):
https://tabletopleague.com/api/v1/competitions?api_key=YOUR_API_KEY
Scopes
API keys can have different permission levels:
| Scope | Access |
|-------|--------|
| read | Read-only access to public data |
| write | Create and update matches |
| admin | Full access (organization management) |
Request only the scopes you need.
Rate Limits
To ensure fair usage:
- 100 requests per minute for standard keys
- 1000 requests per minute for verified partners
- Rate limit headers included in all responses
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1706123456
Security Best Practices
- Never expose API keys in client-side code
- Use environment variables for key storage
- Rotate keys periodically
- Monitor usage for anomalies
- Use HTTPS for all requests
OAuth 2.0 (Future)
We plan to support OAuth 2.0 for applications that act on behalf of users. This will enable:
- Login with Tabletop League
- User-authorized actions
- Granular permission requests
Stay tuned for updates.