Skip to content
ET Notif Docs

Authentication and API Keys

Auth model

Section titled “Auth model”

All developer APIs use:

Authorization: Bearer <api_key>

Gateway hashes the supplied key and checks active key records in D1.

How keys are created

Section titled “How keys are created”

Use Telegram bot commands:

  • /dev_start
  • /dev_key_new [label]
  • /dev_key_list
  • /dev_key_show <key_id_short>
  • /dev_key_revoke <key_id_short>
  • /dev_key_rotate <key_id_short> [new_label]

Branding precedence

Section titled “Branding precedence”

For end-user Telegram-facing messages:

  1. api_keys.key_label from the authenticated key (if present)
  2. developers.developer_name fallback
  3. fallback literal Developer

Key safety

Section titled “Key safety”
  • Treat keys as secrets.
  • Keep no more active keys than required.
  • Rotate and revoke regularly.
  • Revoke immediately if exposed.