Back to docs

Getting Started

Authentication

BLAZLE uses API keys for programmatic access and JWT-based sessions for the dashboard.

API Key Authentication

All requests to /api/v1/intercept/* must include your API key as a Bearer token:

Authorization: Bearer sk_live_your_api_key

Keys are prefixed sk_live_. Never expose them in client-side code or public repositories. Revoke compromised keys immediately from the dashboard.

Dashboard Sessions (JWT)

The BLAZLE dashboard uses short-lived JWT access tokens (24h expiry) stored in HttpOnly, Secure, SameSite=Strict cookies — inaccessible to JavaScript. Sessions are managed automatically by the browser.

OAuth Login

You can sign in with GitHub or Google:

GET /api/v1/auth/github/login   → Redirects to GitHub OAuth
GET /api/v1/auth/google/login   → Redirects to Google OAuth