Authentication

QuestionStock's developer API uses bearer-style API keys. Every request to /api/v1/* must include an Authorization header, and authenticated access requires a Business-enabled personal workspace.

Open API console

Header format

Authorization header

http

Authorization: Bearer qsk_v1_your_api_key

Key behavior

Keys are scoped to the personal workspace that created them.
Authenticated content API access requires a Business plan with enforced limits.
Bespoke enterprise agreements can customize limits.
Raw key values are shown once and then irrecoverable.
Revoked keys fail immediately.
Use GET /api/v1/status as the supported auth and entitlement probe.

Security best practices

Never expose keys in frontend bundles or client storage.
Store keys in a secrets manager and scope by environment.
Rotate keys on schedule and immediately after staffing or access changes.
Log request IDs and status codes, not full credentials.
If you need cheat-resistant scoring, proxy QuestionStock responses through your backend and withhold answer.* until answer reveal time.

Failure responses

Auth-related failures return structured JSON errors. See the full error model for retry guidance and limit handling.

View errors and limits

Guides

Overview Getting Started Authentication Content Delivery Errors & Limits Production Readiness Examples API Reference

Reference

Status Questions Categories Category Suggestions

API docs navigation