Skip to content
endlesstesting.ai

Authentication

API Keys

Section titled “API Keys”

All protected API endpoints require a Bearer token:

Authorization: Bearer et_live_abc123...

API keys are scoped to a single domain. Each key has an et_live_ prefix followed by 32 hex characters.

Generate a key

Section titled “Generate a key”

Via CLI

Section titled “Via CLI”
Terminal window
endlesstesting init

The init flow creates a domain and generates an API key automatically.

Via API

Section titled “Via API”
Terminal window
curl -X POST https://appbe.endlesstesting.ai/api/auth/api-key \
  -H "Content-Type: application/json" \
  -d '{"domainId": "your-domain-id"}'

The key is returned once and cannot be retrieved again. Store it securely.

Regenerate a key

Section titled “Regenerate a key”
Terminal window
curl -X POST https://appbe.endlesstesting.ai/api/auth/api-key/regenerate \
  -H "Authorization: Bearer et_live_your-current-key"

This invalidates the old key immediately.

Verify a key

Section titled “Verify a key”
Terminal window
curl https://appbe.endlesstesting.ai/api/auth/verify \
  -H "Authorization: Bearer et_live_your-key"

Returns:

{
  "valid": true,
  "domain": { "id": "...", "host": "mysite.com" }
}

Public endpoints (no auth required)

Section titled “Public endpoints (no auth required)”

These endpoints are called by the SDK from visitor browsers and do not require authentication:

  • GET /api/sdk.js — SDK script
  • POST /api/events — Event tracking
  • GET /api/tests/by-url-allocations — Variant allocation
  • GET /api/health — Health check