Authentication

Dock developer API endpoints use API-key authentication.

API-key auth

Send your API key as a Bearer token.

Authorization: Bearer YOUR_API_KEY

API keys must stay server-side. Do not place them in frontend JavaScript, mobile apps, public Git repositories, Discord messages, screenshots, or logs.

curl --request GET \
  --url "https://api.docksys.xyz/api/v1/public/roblox-to-discord?robloxId=156319135&guildId=987654321098765432" \
  --header "Authorization: Bearer YOUR_API_KEY"

Key safety rules

Use one key per integration scope

Do not create extra keys to bypass quotas, restrictions, suspensions, or access controls.

Rotate compromised keys

If a key is exposed, revoke it and create a replacement from the dashboard.

Restrict trusted hosts

Use IP allowlists or denylists when a key should only run from known infrastructure.

Log safely

Log request IDs and status codes, not full API keys or sensitive account data.

Common auth failures

INVALID_API_KEY

401

The Bearer token is missing, invalid, expired, revoked, or disabled.

PREMIUM_REQUIRED

403

The endpoint or requested expansion requires a Premium key.

Auth error

{
  "status": 401,
  "error": "Unauthorized: Invalid API key",
  "version": "1.0.0",
  "timestamp": "2026-05-07T00:00:00.000Z"
}

API Overview

Rate Limits

​API-key auth

​Key safety rules

​Common auth failures

API-key auth

Key safety rules

Common auth failures