Authentication

The quicksrv API authenticates with API keys that you generate in your panel. There are no separate client IDs or OAuth flows — a key fully identifies and authorises the request.

Send the key as a Bearer token:

curl https://api.prod.quicksrv.io/api/v1/instances \
-H "Authorization: Bearer qsk_live_xxxxxxxxxxxxxxxxxxxxxxxx"

Alternatively, use the X-API-Key header:

curl https://api.prod.quicksrv.io/api/v1/instances \
-H "X-API-Key: qsk_live_xxxxxxxxxxxxxxxxxxxxxxxx"

A missing, malformed, revoked or expired key returns 401 Unauthorized.

  • Keys look like qsk_live_ followed by a random string.
  • We store only a hash of your key. The plaintext is shown once, at creation. If you lose it, revoke the key and create a new one.
  • Each key shows a short non-secret prefix (e.g. qsk_live_a1b2c3) in the panel so you can tell keys apart.

Keys are scoped. Pick the least privilege your integration needs:

| Scope | Grants |
|---|---|
| vps:read | List and inspect instances, status, metrics, plans, snapshots, etc. |
| vps:write | Lifecycle and management actions (start/stop/reinstall/resize/rDNS/…). |
| vps:create | Deploy new instances (charges your wallet). |

Scopes are hierarchical: vps:create implies vps:write, which implies vps:read. A key with only vps:read that calls a write endpoint receives 403 Forbidden with a message naming the missing scope.

Inspect a key’s effective identity and scopes with:

curl https://api.prod.quicksrv.io/api/v1/whoami \
-H "Authorization: Bearer qsk_live_xxxxxxxxxxxxxxxxxxxxxxxx"

  • Keys can optionally be given an expiry. Expired keys are rejected with 401.
  • Revoke a key any time in Account → API keys. Revocation takes effect immediately.
  • Treat keys like passwords. Never commit them to source control or ship them in client-side code.
  • Use a separate key per integration so you can revoke one without disrupting others.
  • Prefer narrowly scoped keys (e.g. a monitoring job only needs vps:read).
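
The following is an added sketch, not quicksrv's own code, of how a server can enforce the model this page describes: hash-only key storage, lookup by the non-secret prefix, hierarchical scopes, expiry, revocation, and the 401/403 split. SHA-256, the 6-character prefix length, the in-memory store and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone

# Hierarchy from the page: vps:create implies vps:write, which implies vps:read.
IMPLIES = {"vps:read": {"vps:read"},
           "vps:write": {"vps:write", "vps:read"},
           "vps:create": {"vps:create", "vps:write", "vps:read"}}
PREFIX_LEN = len("qsk_live_") + 6   # assumed: panel shows 6 chars after qsk_live_
STORE = {}                          # display prefix -> record; plaintext is never stored

def _digest(key):
    # Assumption: a plain SHA-256 is adequate because the key body is long and random.
    return hashlib.sha256(key.encode()).hexdigest()

def create_key(scope, ttl=None):
    """Return the plaintext key once; persist only its hash and metadata."""
    key = "qsk_live_" + secrets.token_hex(16)
    STORE[key[:PREFIX_LEN]] = {
        "hash": _digest(key), "scope": scope, "revoked": False,
        "expires": datetime.now(timezone.utc) + ttl if ttl is not None else None}
    return key

def revoke(key_prefix):
    """Mark the key with this display prefix as revoked, effective immediately."""
    STORE[key_prefix]["revoked"] = True

def authorize(headers, required):
    """Return (status, message) for a request that needs scope `required`."""
    auth = headers.get("Authorization", "")
    key = auth[7:] if auth.startswith("Bearer ") else headers.get("X-API-Key", "")
    rec = STORE.get(key[:PREFIX_LEN]) if key.startswith("qsk_live_") else None
    # Same 401 for missing, malformed, unknown, revoked and expired keys.
    if rec is None or not hmac.compare_digest(rec["hash"], _digest(key)):
        return 401, "Unauthorized"
    if rec["revoked"] or (rec["expires"] and rec["expires"] <= datetime.now(timezone.utc)):
        return 401, "Unauthorized"
    if required not in IMPLIES[rec["scope"]]:
        return 403, f"Forbidden: missing scope {required}"
    return 200, "OK"

if __name__ == "__main__":
    key = create_key("vps:read")                      # constructed sample key
    print(authorize({"Authorization": f"Bearer {key}"}, "vps:read"))
    print(authorize({"X-API-Key": key}, "vps:write"))
    revoke(key[:PREFIX_LEN])
    print(authorize({"X-API-Key": key}, "vps:read"))
```

Because only the digest is kept, a dump of the store does not yield usable keys, and the prefix alone cannot authenticate a request.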
