Authentication
API Key Authentication
All API requests require authentication using an API key. Generate API keys from the Developer Portal.
Include your API key using one of these methods:
Authorization Header (Recommended)
Authorization: Bearer tm_your_api_key_here
X-API-Key Header
X-API-Key: tm_your_api_key_here
API Key Scopes
| Scope | Description | Required For |
|---|---|---|
read | View trips, events, and user data | GET requests |
write | Create and update trips and events | POST, PATCH requests |
delete | Remove trips, events, and other data | DELETE requests |
Example Request
cURL:
curl -X GET "https://travelmode2.replit.app/api/trips" \
-H "Authorization: Bearer tm_your_api_key"
Python:
import requests
API_KEY = "tm_your_api_key"
BASE_URL = "https://travelmode2.replit.app"
response = requests.get(
f"{BASE_URL}/api/trips",
headers={"Authorization": f"Bearer {API_KEY}"}
)
print(response.json())
JavaScript:
const API_KEY = 'tm_your_api_key';
const BASE_URL = 'https://travelmode2.replit.app';
const response = await fetch(`${BASE_URL}/api/trips`, {
headers: { 'Authorization': `Bearer ${API_KEY}` }
});
const data = await response.json();
console.log(data);
Security Best Practices
- Never expose API keys in client-side code
- Store keys in environment variables
- Rotate keys periodically
- Use the minimum required scopes
- Revoke compromised keys immediately from the Developer Portal