API Authentication
QCOS APIs use API keys for authentication.
Passing your API key
Use either:
X-API-Key: <key>(recommended)Authorization: Bearer <key>(supported for compatibility)
Security best practices
- Do not hardcode API keys in source code.
- Use environment variables (for example
QCOS_API_KEY) or a secrets manager. - Rotate keys regularly and revoke unused keys.
Related
- See Getting Started → Authentication for end-user setup.