Wiki Navigation

Wiki Home
Configuration Files
Overview types.xml events.xml globals.xml economy.xml messages.xml
Config Settings
cfgeconomycore.xml cfgEffectArea.json cfgenvironment.xml cfgeventspawns.xml cfggameplay.json cfgIgnoreList.xml cfgweather.xml
Server Config
cfglimitsdefinition.xml cfgplayerspawnpoints.xml cfgrandompresets.xml cfgspawnabletypes.xml serverDZ.cfg Server Start .bat
API
Overview Authentication Instances Classnames Categories Subcategories Mods Types File Generates File Uploads Messages Events Trader Items
Legal
Terms & Conditions
API Reference
Bearer Token

API Authentication

All API requests to DZconfig require authentication using a Bearer token. This page explains how to obtain and use your API token for secure access.

How It Works

Authentication uses API tokens unique to each user account. Your token identifies and authorizes your requests, granting access to your instances and resources. Include the token in the Authorization header of every API request using the Bearer scheme.

Finding Your API Token

Your API token is available in your account settings. Follow these steps to locate it:

1 Log in to your DZconfig account
2 Navigate to your profile settings
3 Look for the "API Token" section
4 Copy your API token for use in requests

Security Notice: Keep your API token secure. Never share it with others, expose it in client-side code, or commit it to version control. Treat it like a password.

Using Your API Token

Include your token in the Authorization header using the Bearer scheme: 

Authorization: Bearer YOUR_API_TOKEN

cURL Example

curl -X GET "https://dzconfig.com/api/user" \
     -H "Authorization: Bearer YOUR_API_TOKEN" \
     -H "Accept: application/json"

JavaScript Example

fetch('https://dzconfig.com/api/user', {
    method: 'GET',
    headers: {
        'Authorization': 'Bearer YOUR_API_TOKEN',
        'Accept': 'application/json'
    }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error(error));

PHP Example

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://dzconfig.com/api/user');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer YOUR_API_TOKEN',
    'Accept: application/json'
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);

Testing Authentication

Verify your token works by calling the validation endpoint. A successful response confirms your authentication is configured correctly. 

GET /api/validate

Success response:

{ "result": "success" }

Authentication Errors

Failed authentication returns a 401 status code. Common causes include invalid tokens, missing headers, or incorrect header format. 

HTTP/1.1 401 Unauthorized

Error response:

{
  "error": "Unauthorized",
  "message": "Invalid API token"
}

Security Best Practices

Recommended

  • Store tokens in environment variables or secure vaults
  • Use HTTPS for all API requests
  • Regenerate your token if you suspect compromise
  • Limit token access to necessary services only

Avoid

  • Sharing your API token with others
  • Including tokens in client-side JavaScript
  • Committing tokens to version control
  • Logging tokens in application logs

Pro Tips

Use a dedicated API client library or HTTP wrapper in your application to centralize authentication logic. This makes it easier to update tokens and handle authentication errors consistently across your codebase. Consider implementing automatic retry logic for transient authentication failures.

Back to API Documentation Next: Instances API