Skip to main content

Authentication

All DarkRecon endpoints require an API key header.
  • X-API-Key: <your_api_key>
Keep the API key server-side. DarkRecon is designed for backend or trusted service-to-service usage, not direct browser exposure.

Example

curl -X GET "https://darkrecon.1337807.xyz/scan/YOUR_SCAN_ID" \
  -H "X-API-Key: $DARKRECON_API_KEY"

Observed error behavior

  • Missing X-API-Key currently returns 422 with a validation payload from the API framework.
  • Invalid or revoked API keys return 403 with a standard error body.
Missing header example: 
{
  "detail": [
    {
      "type": "missing",
      "loc": ["header", "x-api-key"],
      "msg": "Field required",
      "input": null
    }
  ]
}
Invalid key example: 
{
  "detail": "Could not validate API key"
}
See /platform/authentication for broader TechSlayers platform guidance.