API Authentication Overview
The ConductorQA API uses secure API key authentication to control access to your testing data and ensure proper project-level permissions. This guide covers everything you need to know about authenticating with our REST API.
Authentication Method
ConductorQA uses Bearer Token authentication with API keys for secure access to the API endpoints.
Request Format
Include your API key in the Authorization header of every API request:
Authorization: Bearer YOUR_API_KEY_HERE
Example API Request
curl -X GET "https://api.conductorqa.com/v1/projects" \
  -H "Authorization: Bearer cqa_live_abc123def456ghi789jkl012mno345pqr678stu901vwx234" \
  -H "Content-Type: application/json"
Getting Your API Key
Step 1: Access API Settings
- Log in to your ConductorQA account
- Navigate to Settings → API Keys
- Click Generate New API Key
Step 2: Configure API Key
- Name your key: Give it a descriptive name (e.g., “CI/CD Integration”, “Jest Reporter”)
- Select projects: Choose which projects this key can access
- Set permissions: Configure read/write access levels
- Click Create API Key
Step 3: Secure Your Key
⚠️ Important: Your API key will only be shown once. Copy it immediately and store it securely.
API Key Management
Key Properties
- Project-specific access: Each key is scoped to specific projects
- Configurable permissions: Control read/write access per project
- Unique identification: Each key has a unique identifier for tracking
- Revocable: Keys can be disabled or deleted at any time
Best Practices
- Use descriptive names: Name keys based on their purpose
- Limit project access: Only grant access to required projects
- Regular rotation: Rotate keys periodically for security
- Secure storage: Store keys in environment variables, not in code
- Monitor usage: Review API key usage in the dashboard
Authentication Examples
JavaScript/Node.js
const API_KEY = process.env.CONDUCTORQA_API_KEY;
const BASE_URL = 'https://api.conductorqa.com/v1';
const headers = {
  'Authorization': `Bearer ${API_KEY}`,
  'Content-Type': 'application/json'
};
// Get all projects
const response = await fetch(`${BASE_URL}/projects`, { headers });
const projects = await response.json();
Python
import os
import requests
API_KEY = os.getenv('CONDUCTORQA_API_KEY')
BASE_URL = 'https://api.conductorqa.com/v1'
headers = {
    'Authorization': f'Bearer {API_KEY}',
    'Content-Type': 'application/json'
}
# Get all projects
response = requests.get(f'{BASE_URL}/projects', headers=headers)
projects = response.json()
cURL
# Set your API key as an environment variable
export CONDUCTORQA_API_KEY="cqa_live_abc123def456ghi789jkl012mno345pqr678stu901vwx234"
# Make API requests
curl -X GET "https://api.conductorqa.com/v1/projects" \
  -H "Authorization: Bearer $CONDUCTORQA_API_KEY" \
  -H "Content-Type: application/json"
Project-Level Access Control
Understanding Scopes
API keys are scoped to specific projects, ensuring secure access:
- Full Project Access: Read and write to all test data within allowed projects
- Read-Only Access: View test data but cannot modify or create
- Specific Operations: Future versions will support granular permissions
Project Selection
When creating an API key:
- Select Projects: Choose which projects the key can access
- Permission Levels: Set read or read/write access per project
- Access Validation: API validates project access on every request
Error Handling
Common Authentication Errors
401 Unauthorized
{
  "error": "Invalid API key",
  "message": "The provided API key is invalid or has been revoked",
  "code": "INVALID_API_KEY"
}
Causes:
- Missing or malformed API key
- Revoked or expired key
- Incorrect Authorization header format
403 Forbidden
{
  "error": "Insufficient permissions",
  "message": "This API key does not have access to the requested project",
  "code": "PROJECT_ACCESS_DENIED"
}
Causes:
- API key not granted access to the requested project
- Attempting write operations with read-only key
Error Response Format
All authentication errors follow this structure:
{
  "error": "Error type",
  "message": "Human-readable description",
  "code": "ERROR_CODE",
  "timestamp": "2025-08-28T10:30:00Z"
}
Rate Limiting
Current Limits
- 1000 requests per hour per API key
- Rate limit headers included in all responses
- 429 status code when limits exceeded
Rate Limit Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1724832600
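The error bodies and rate-limit headers described above can be handled in one decision function. This is an added example, not ConductorQA client code: the name plan_next_step is hypothetical, and it assumes X-RateLimit-Reset is a Unix timestamp in seconds, with a 60-second fallback pause chosen for the example.

```python
import json
import time

# Constructed sample body, modelled on the 403 response shown on this page.
SAMPLE_403 = ('{"error": "Insufficient permissions", '
              '"code": "PROJECT_ACCESS_DENIED"}')


def plan_next_step(status, headers, body, now=None):
    """Decide what to do with one API response (hypothetical helper).

    Returns ("ok", None), ("wait", seconds) or ("fail", error_code).
    Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
    """
    now = time.time() if now is None else now
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}

    def seconds_until_reset():
        try:
            reset = int(h["x-ratelimit-reset"])
        except (KeyError, ValueError):
            return 60  # header missing or malformed: assumed fallback pause
        return max(0, reset - int(now))

    if status == 429:
        return ("wait", seconds_until_reset())

    if status in (401, 403):
        # Retrying with the same key cannot fix a revoked key or a missing
        # project grant, so report the code instead of looping.
        try:
            code = json.loads(body).get("code", "UNKNOWN")
        except (ValueError, TypeError, AttributeError):
            code = "UNKNOWN"
        return ("fail", code)

    if 200 <= status < 300:
        try:
            remaining = int(h.get("x-ratelimit-remaining", "1"))
        except ValueError:
            remaining = 1
        # Budget used up: pause now rather than run into a 429.
        if remaining == 0:
            return ("wait", seconds_until_reset())
        return ("ok", None)

    return ("fail", f"HTTP_{status}")
```

Treating 401 and 403 as terminal keeps a CI job with a revoked or under-scoped key from retrying in a loop and spending the hourly request budget.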
Security Considerations
API Key Security
- Environment Variables: Store API keys in environment variables
- Never Commit Keys: Don’t commit API keys to version control
- Rotate Regularly: Change API keys periodically
- Monitor Access: Review API key usage logs
- Revoke Unused Keys: Remove keys that are no longer needed
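One way to enforce "Never Commit Keys" is a scan for the cqa_live_ prefix before code or logs leave a machine. This is an added example, not ConductorQA tooling: the function names are hypothetical, and the pattern (prefix plus at least 20 letters or digits) is an assumption based on the sample key shown on this page.

```python
import re

# Assumption: a key is the documented "cqa_live_" prefix followed by letters
# and digits, as in the sample key on this page. The minimum of 20 characters
# is chosen so that prose such as "cqa_live_ prefix" does not match.
KEY_RE = re.compile(r"cqa_live_[A-Za-z0-9]{20,}")

# Constructed sample: a settings file with one hard-coded key (the sample key
# printed on this page) and one safe environment lookup.
SAMPLE = '''\
BASE_URL = "https://api.conductorqa.com/v1"
API_KEY = "cqa_live_abc123def456ghi789jkl012mno345pqr678stu901vwx234"
SAFE_KEY = os.getenv("CONDUCTORQA_API_KEY")
'''


def redact(key):
    """Keep the prefix and the last 4 characters so a finding can be matched
    to a key without reprinting the secret."""
    return "cqa_live_..." + key[-4:]


def find_keys(text, filename="<input>"):
    """Return (filename, line_number, redacted_key) for each hard-coded key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((filename, lineno, redact(match.group())))
    return findings


def scrub(text):
    """Replace keys in log or error text before it is written anywhere."""
    return KEY_RE.sub(lambda m: redact(m.group()), text)
```

Run find_keys over staged files in a pre-commit hook and fail the commit on any finding; a key that has already reached version control should be revoked and replaced, not just deleted from the file.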
Network Security
- HTTPS Only: All API communication must use HTTPS
- Valid Certificates: Verify SSL certificates in production
- Secure Networks: Use API keys only on secure networks
Troubleshooting
Common Issues
API Key Not Working
- Verify the key format: cqa_live_ prefix
- Check project access permissions
- Ensure key hasn’t been revoked
- Confirm correct Authorization header format
Project Access Denied
- Verify API key has project access
- Check project ID in the request
- Confirm read/write permissions
- Review project settings
Rate Limit Exceeded
- Implement request throttling
- Cache responses when possible
- Use bulk endpoints for multiple operations
- Contact support for higher limits
Getting Help
If you’re experiencing authentication issues:
- Check your API key status in the dashboard
- Review the error response details
- Verify project access permissions
- Contact support with the error details
Next Steps
Now that you understand API authentication:
- Explore API Endpoints - Learn about available API operations
- Test Results Integration - Set up automated test reporting
- Best Practices - Follow recommended integration patterns
Need Help? Check your API key status in the ConductorQA dashboard or contact support for assistance with authentication issues.