Skip to main content
Bearer Authentication Required Backend Only
Every Dock API request must include a valid Bearer token in the Authorization header.

Authentication method

Use your Dock API key as the Bearer token for every authenticated request.

Keep it private

Never expose your token in frontend code, browser bundles, mobile apps, or public repositories.

​
Get your API token

1

Create or sign in to your Dock account

Open Dock Account and sign in to your developer account.
2

Generate an API key

Create a new API key from your developer dashboard.
3

Use it as a Bearer token

Send that key in the Authorization header on every request.
Your API key grants access to your Dock integration. Treat it like a secret. If you think it has been exposed, rotate it immediately.

​
Send the token

Include the token in the Authorization header of your requests: 
curl --request GET \
  --url "https://api.docksys.xyz/api/v1/public/roblox-to-discord?robloxId=12345&guildId=67890" \
  --header "Authorization: Bearer YOUR_API_TOKEN"

​
Authentication failure response

If your token is missing, invalid, or revoked, Dock returns 401 Unauthorized.
​
status
number
required
HTTP status code returned by the API.
​
error
string
required
Human-readable authentication error message.
​
timestamp
string
required
ISO 8601 timestamp showing when the response was generated.
​
version
string
required
Dock API version that handled the request.
​
requestsRemaining
number | null
Remaining requests for the API key, when available.
​
ipRequestsRemaining
number | null
Remaining shared IP quota, when applicable.
401 Unauthorized
{
  "status": 401,
  "error": "Unauthorized: Invalid API key",
  "timestamp": "2025-10-02T12:00:00Z",
  "version": "1.0.0",
  "requestsRemaining": null,
  "ipRequestsRemaining": null
}
ipRequestsRemaining appears when Dock detects multiple API keys hitting the API from the same IP and applies a shared IP quota alongside the normal per-key quota.

Rate limits

Learn how Dock enforces per-key and shared-IP quotas.

​
Use pid for app-scoped verification

When your integration needs Dock to maintain a private dataset of verified users, include your Public Identifier (pid) in the Discord verification URL.
Dock links the verification session to your API key and upserts the Discord ↔ Roblox pair into the collection reserved for your application.
https://api.docksys.xyz/v1/api/verify/discord?pid=pid-yourapp
Verification can still complete for shared guild storage, but your app-specific collection will not be updated.
Make sure the pid matches the value configured alongside your API key in the Dock dashboard.