API & Integrations
Authentication
Secure your API integrations with proper authentication.
Bearer Token Authentication
All API endpoints support Bearer token authentication via the Authorization header.
Authorization: Bearer YOUR_API_SECRET
Environment Variables
Each webhook endpoint has its own secret configured via environment variables:
ARCADE_WEBHOOK_SECRET=your-arcade-secret FEEDBACK_WEBHOOK_SECRET=your-feedback-secret INVENTORY_WEBHOOK_SECRET=your-inventory-secret BAR_WEBHOOK_SECRET=your-bar-secret EVENTS_WEBHOOK_SECRET=your-events-secret
Security Best Practices
- • Never commit secrets to version control
- • Use unique secrets for each endpoint
- • Rotate secrets periodically
- • Use HTTPS for all API calls
- • Implement IP allowlisting if possible