Skip to main content

Authentication

TechSlayers products use either API keys (sent as headers) or bearer tokens (sent via the Authorization header).
Never embed secrets in client-side code. Store them in your server environment (or a secret manager) and rotate them regularly.

Product auth matrix

ProductTypeHow to send
DarkReconAPI keyX-API-Key: <key>
FileScannerAPI key (optional)X-API-Key: <key> and optionally X-Device-Name: <device>
RTSWPScanAPI keyAPI-Key: <key>
SenthrexBearer tokenAuthorization: Bearer <token>
LegbaBearer tokenAuthorization: Bearer <token>
  1. Keep the secret server-side only.
  2. Add a thin wrapper per product that:
    • injects auth headers
    • sets a sensible timeout
    • logs request IDs (if present)
    • retries only when safe (see /platform/rate-limits)

Examples

DarkRecon (X-API-Key)

curl -X GET "https://darkrecon.1337807.xyz/view_breaches" \
  -H "X-API-Key: $DARKRECON_API_KEY"

Senthrex (Authorization: Bearer)

curl -X GET "https://rts-senthrex.slayers.tech/scans" \
  -H "Authorization: Bearer $SENTHREX_TOKEN"