Authentication

Quest Data uses two authentication methods depending on the endpoint type.

All SDK endpoints (/v1/track, /v1/config, /v1/leaderboards, etc.) use an API key passed as a header:

curl -X POST https://api.questdata.io/v1/track \
-H "Content-Type: application/json" \
-H "x-game-api-key: YOUR_API_KEY" \
-d '{"event_name": "game_start", "session_id": "sess-123"}'

Get your API key from the dashboard under Configuration > API Keys.

You can create separate API keys for development and production environments. Each key tracks events independently, so test data doesn’t pollute production analytics.

Dashboard endpoints (/v1/games, /v1/auth/*, admin operations) use JWT Bearer tokens:

curl https://api.questdata.io/v1/games \
-H "Authorization: Bearer YOUR_JWT_TOKEN"

curl -X POST https://api.questdata.io/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "password": "your-password"}'

Response (201):

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": { "id": "uuid", "email": "dev@example.com" },
  "backendVersion": "1.52.0"
}

Password must be at least 8 characters.

curl -X POST https://api.questdata.io/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com", "password": "your-password"}'

Response (200):

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": { "id": "uuid", "email": "dev@example.com" },
  "backendVersion": "1.52.0"
}

Error Responses:

| Status | Body | Cause |
| --- | --- | --- |
| 401 | { "error": "Invalid email or password" } | Wrong credentials |
| 403 | { "error": "...", "code": "ACCOUNT_LOCKED" } | Too many failed attempts |
| 403 | { "error": "...", "code": "ACCOUNT_PENDING" } | Account not yet activated |

JWT tokens are valid for 7 days.

# Request reset email
curl -X POST https://api.questdata.io/v1/auth/forgot-password \
-H "Content-Type: application/json" \
-d '{"email": "dev@example.com"}'
# Reset with token from email
curl -X POST https://api.questdata.io/v1/auth/reset-password \
-H "Content-Type: application/json" \
-d '{"token": "reset-token", "password": "new-password"}'

All authentication errors return a JSON object with an error field:

| Status | Meaning |
| --- | --- |
| 401 | Missing or invalid API key / JWT token |
| 403 | Account locked, pending, or insufficient permissions |
| 429 | Rate limit exceeded (1,000 requests/min per API key) |
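
Added example (not part of the Quest Data documentation or SDK): a client-side sketch that decides when to log in again given the 7-day token lifetime, and how to react to the error responses listed above. The function names and action labels are hypothetical, the presence of a standard exp claim in the token is an assumption, and the sample token is constructed.

```python
import base64
import json
import time

TOKEN_LIFETIME = 7 * 24 * 3600  # the page states JWT tokens are valid for 7 days

def jwt_claims(token):
    """Decode the payload of a JWT WITHOUT verifying it (the server verifies)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def needs_relogin(token, issued_at, now=None, skew=300):
    """True if the token is malformed, expired, or within `skew` s of expiry."""
    now = time.time() if now is None else now
    try:
        exp = jwt_claims(token).get("exp")  # assumption: standard exp claim
    except ValueError:
        return True
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        exp = issued_at + TOKEN_LIFETIME  # fall back to the documented lifetime
    return now >= exp - skew

def next_action(status, body):
    """Map a status/body pair from the error tables to a client decision."""
    code = body.get("code") if isinstance(body, dict) else None
    if 200 <= status < 300:
        return "ok"
    if status == 401:
        return "reauthenticate"    # bad or missing key/token, wrong credentials
    if status == 403 and code == "ACCOUNT_LOCKED":
        return "stop"              # do not keep submitting credentials
    if status == 403 and code == "ACCOUNT_PENDING":
        return "await_activation"
    if status == 403:
        return "forbidden"         # insufficient permissions
    if status == 429:
        return "backoff"           # 1,000 requests/min per API key
    return "error"

def sample_token(claims):
    """Constructed, unsigned sample token for offline use (not a real credential)."""
    segs = [base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
            for o in ({"alg": "HS256", "typ": "JWT"}, claims)]
    return ".".join(segs + ["constructed-signature"])
```

The decoded claims are used only for scheduling a new login; they are not a trust decision, since the client never checks the signature.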