Beladed Livestream · Authentication
Authentication
Choose the narrowest credential for your environment, account, product, and operation. This page applies the contract to Beladed Livestream.
Credential types
| Credential | Where it belongs | Use |
|---|---|---|
| No key | Any client | Explicitly public reads and redirect destinations |
| Publishable key | Approved web origin or extension | Narrow browser-safe operations; never grants administrative access |
| Secret key | Your trusted server only | Account-scoped reads and mutations |
| OAuth client | Backend authorization flow | Approved partner integrations |
Send credentials in headers
Use the X-Beladed-API-Key header for server-side requests or X-Beladed-Public-Key for explicitly supported client operations. Do not put credentials in query strings because URLs can be retained in logs and browser history.
curl https://api.beladed.dev/api/events/all \
+ -H "X-Beladed-API-Key: sk_dev_beladed_REPLACE_ME"
Account eligibility
Business and Streamer accounts can operate supported product resources. Personal accounts participate in documented consumer flows, such as attending events or completing purchases, but do not receive merchant or operator permissions.
Scopes and permissions
- Product scope
- Limits a credential to the selected Beladed products.
- Read
- Permits documented read operations.
- Edit
- Permits normal create and update operations where the account is eligible.
- Administrator
- Reserved for sensitive owner actions and never implied by a public key.