API & Integrations

Authentication

Secure your API integrations with proper authentication.

Bearer Token Authentication

All API endpoints support Bearer token authentication via the Authorization header.

Authorization: Bearer YOUR_API_SECRET

Environment Variables

Each webhook endpoint has its own secret configured via environment variables:

ARCADE_WEBHOOK_SECRET=your-arcade-secret
FEEDBACK_WEBHOOK_SECRET=your-feedback-secret
INVENTORY_WEBHOOK_SECRET=your-inventory-secret
BAR_WEBHOOK_SECRET=your-bar-secret
EVENTS_WEBHOOK_SECRET=your-events-secret

Security Best Practices

  • • Never commit secrets to version control
  • • Use unique secrets for each endpoint
  • • Rotate secrets periodically
  • • Use HTTPS for all API calls
  • • Implement IP allowlisting if possible