API Authentication
Base URL:
https://api.deptic.inAuthentication methods:
1. JWT Bearer Token (Dashboard users)
All dashboard API endpoints require a JWT token issued by Supabase Auth. Include it in the Authorization header:
bash
curl https://api.deptic.in/api/scans \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."2. API Key (CLI and CI/CD)
Single-use API keys for programmatic access. Include in the request body or X-API-Key header:
bash
curl -X POST https://api.deptic.in/api/scan-local \
-H "Content-Type: application/json" \
-d '{
"api_key": "depticio_your_key_here",
"project_name": "my-app",
"manifests": [...]
}'API keys are single-use. Each key allows exactly one scan. After use, the key is invalidated and returns HTTP 403 on subsequent requests. Generate a new key for each scan from Settings → API Keys.
API key format:
depticio_{40 random alphanumeric characters}
Total length: 47 characters
Example: depticio_REcw6aPPddYnhYw7ewIx3fa0gJuR2bsEYAP2ERRQHTTP status codes:
| Status | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad request — missing or invalid parameters |
| 401 | Unauthorized — missing or invalid credentials |
| 403 | Forbidden — API key already used, or insufficient permissions |
| 404 | Not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |