API Authentication
The WeProxies API uses Bearer token authentication for secure access.
Getting an API Token
Via Dashboard
- Log in to WeProxies Dashboard
- Navigate to Settings → API Keys
- Click Generate New Key
- Copy and securely store your token
warning
API tokens are shown only once. Store them securely immediately after generation.
Token Properties
| Property | Value |
|---|---|
| Format | JWT (JSON Web Token) |
| Expiration | 1 year (configurable) |
| Scope | Full account access |
Using Your Token
Authorization Header
Include the token in the Authorization header with the Bearer prefix:
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
https://api.weproxies.com/api/v1/me
Examples
Python
import requests
API_TOKEN = "your_api_token"
BASE_URL = "https://api.weproxies.com"
headers = {
"Authorization": f"Bearer {API_TOKEN}",
"Content-Type": "application/json"
}
response = requests.get(f"{BASE_URL}/api/v1/me", headers=headers)
print(response.json())
Node.js
const axios = require('axios');
const API_TOKEN = 'your_api_token';
const BASE_URL = 'https://api.weproxies.com';
const client = axios.create({
baseURL: BASE_URL,
headers: {
'Authorization': `Bearer ${API_TOKEN}`,
'Content-Type': 'application/json'
}
});
client.get('/api/v1/me')
.then(response => console.log(response.data))
.catch(error => console.error(error));
cURL
curl -X GET "https://api.weproxies.com/api/v1/me" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Token Security
Best Practices
-
Never expose tokens in client-side code
// ❌ Bad - Token exposed in browser
const token = "sk_live_abc123...";
// ✅ Good - Token stored server-side
const token = process.env.WEPROXIES_API_TOKEN; -
Use environment variables
export WEPROXIES_API_TOKEN="your_token_here" -
Rotate tokens periodically
- Generate new tokens every few months
- Revoke old tokens immediately after rotation
-
Use separate tokens for different environments
- Development token
- Staging token
- Production token
Revoking Tokens
To revoke a compromised or unused token:
- Go to Settings → API Keys
- Find the token to revoke
- Click Revoke
The token is immediately invalidated.
Error Responses
401 Unauthorized
{
"detail": "Could not validate credentials",
"success": false
}
Causes:
- Missing
Authorizationheader - Invalid token format
- Expired token
403 Forbidden
{
"detail": "Not enough permissions",
"success": false
}
Causes:
- Token doesn't have required scope
- Account suspended
- Resource belongs to different user
Rate Limiting
Authenticated requests are subject to rate limits:
| Endpoint Type | Limit |
|---|---|
| Read operations | 100/minute |
| Write operations | 20/minute |
| Bulk operations | 5/minute |
Rate limit headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1699900000
Handling Rate Limits
import requests
import time
def api_request(url, headers, max_retries=3):
for attempt in range(max_retries):
response = requests.get(url, headers=headers)
if response.status_code == 429:
reset_time = int(response.headers.get('X-RateLimit-Reset', 60))
wait_time = reset_time - int(time.time())
print(f"Rate limited. Waiting {wait_time} seconds...")
time.sleep(max(wait_time, 1))
continue
return response
raise Exception("Max retries exceeded")
OAuth (Coming Soon)
We're working on OAuth 2.0 support for third-party integrations. This will allow:
- Delegated access to user accounts
- Granular permission scopes
- Secure token refresh flow
Contact us if you're interested in early access.