API Authentication

Securely authenticate your requests using JWT bearer tokens issued through our API key system.

Authentication required for all production endpoints • 1000 requests per hour

Bearer Token Authentication

Use a JWT bearer token obtained from your Open Guestbook dashboard to authenticate all API requests.

1. Obtain API Key

Generate a new API key from the dashboard. Keys include write and read scopes.

2. Set Authorization Header

Attach your token to all requests. Example format in HTTP headers:

Authorization: Bearer YOUR_API_KEY

Code examples

JavaScript Example


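// Create a guestbook entry; replace YOUR_API_KEY with the token from your dashboard.
fetch('https://api.openguestbook.tech/v1/entries', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ message: "Great service!" })
})
  .then((res) => {
    // A revoked or invalid token is rejected with 401 Unauthorized.
    if (!res.ok) throw new Error(`Request failed: HTTP ${res.status}`);
  });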

cURL Example


curl -X POST 'https://api.openguestbook.tech/v1/entries' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"message": "My new guestbook entry"}'

Security Best Practices

1. Store Secrets Safely

Use environment variables for keys in production. Never commit tokens to source code or public repositories.

2. Rotate Regularly

Rotate credentials every 90 days. Regenerate any leaked or compromised tokens immediately.

3. Restrict Scopes

Assign only required permissions to each key. Separate staging and production credentials.

4. Monitor Activity

Track API usage patterns through the dashboard. Set alerts for abnormal activity.

Frequently Asked Questions

How long do API tokens remain valid?

Tokens are valid indefinitely until manually revoked. Best practice is to rotate every 90 days.

What happens when a token is revoked?

All requests using the revoked token will be denied with 401 Unauthorized status.

How are rates limited?

Rate limits reset hourly. API keys get 1000 requests per hour by default, with plans offering higher tiers.
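
Worked example for "Store Secrets Safely", "Rotate Regularly" and the revocation answer above. This is an added example, not Open Guestbook's own client code: it reads the token from an environment variable, flags keys older than 90 days, and treats 401 as a signal to generate a new key. The environment variable names OPEN_GUESTBOOK_TOKEN and OPEN_GUESTBOOK_TOKEN_ISSUED are assumptions made for this sketch.

```javascript
// Added example, not Open Guestbook's own client code.
// Assumption: the env var names below are hypothetical, chosen for this sketch.
const ENTRIES_URL = 'https://api.openguestbook.tech/v1/entries';
const MAX_TOKEN_AGE_DAYS = 90; // rotation interval recommended on this page

// Read the token from the environment and fail closed when it is absent.
function loadToken(env) {
  const token = (env.OPEN_GUESTBOOK_TOKEN || '').trim();
  if (!token) throw new Error('OPEN_GUESTBOOK_TOKEN is not set');
  return token;
}

// Whole days since the key was generated (ISO date recorded by the operator).
function tokenAgeDays(env, now = new Date()) {
  const issued = new Date(env.OPEN_GUESTBOOK_TOKEN_ISSUED);
  if (Number.isNaN(issued.getTime())) return null; // age unknown
  return Math.floor((now - issued) / 86400000);
}

// Tokens never expire on their own, so an unknown age is treated as overdue.
function rotationDue(env, now = new Date()) {
  const age = tokenAgeDays(env, now);
  return age === null || age >= MAX_TOKEN_AGE_DAYS;
}

function buildRequest(env, message) {
  return {
    url: ENTRIES_URL,
    options: {
      method: 'POST',
      headers: {
        Authorization: `Bearer ${loadToken(env)}`,
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ message }),
    },
  };
}

// fetchImpl is injectable so the 401 path can be exercised without the network.
async function postEntry(env, message, fetchImpl = fetch) {
  if (rotationDue(env)) console.warn('API key is due for rotation');
  const { url, options } = buildRequest(env, message);
  const res = await fetchImpl(url, options);
  // A revoked token gets 401; retrying with the same token cannot succeed.
  if (res.status === 401) throw new Error('401 Unauthorized: token revoked or invalid, generate a new key');
  if (!res.ok) throw new Error(`request failed with HTTP ${res.status}`);
  return res;
}
```

Call it as postEntry(process.env, 'Great service!') in Node 18 or later, where fetch is built in.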