Authentication
QuizAPI uses API keys to authenticate requests. You can manage your API keys from the API Keys page in your dashboard.
API Key Format
All API keys follow a predictable format with a prefix indicating the environment:
| Prefix | Environment | Description |
|---|---|---|
qza_live_ | Production | Live API key for production use |
qza_test_ | Testing | Test key for development and staging |
Method 1: Authorization Header
RecommendedThe most secure method. Pass your API key in the Authorization header as a Bearer token.
curl -X GET "https://quizapi.io/api/v1/quizzes" \
-H "Authorization: Bearer qza_live_abc123def456"Method 2: Query Parameter
Pass the API key as a query parameter. Useful for quick testing, but not recommended for production as the key may appear in server logs.
Query parameters may be logged by proxies and servers. Use the Authorization header in production.
curl -X GET "https://quizapi.io/api/v1/quizzes?api_key=qza_live_abc123def456"Authentication Errors
When authentication fails, the API returns a 401 Unauthorized response:
{
"success": false,
"error": "Invalid API key."
}| Status | Description |
|---|---|
| 401 | API key is missing or invalid. |
| 429 | Rate limit exceeded. Wait and retry with exponential backoff. |
Rate Limiting
API requests are rate limited to 60 requests per minute per IP address. When the limit is exceeded, the API returns a 429 status with a Retry-After header.
See the Rate Limits page for details on handling rate-limited responses.