
Authentication

API authentication methods.

API Key (server-to-server)

Used by the PHP backend and other internal services. The key is set via the API_KEY environment variable.

curl -H "X-API-Key: your-secret-key" https://api.example.com/api/deals/abc-123

All /api/deals/* routes require a valid API key. Requests without it or with an invalid key receive a 401 Unauthorized response.
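
One way to implement the key check described above so that comparison time leaks nothing about the key and an unset API_KEY fails closed. This is an added example, not the project's own code: the function names, the 500 response for a missing API_KEY, and the sample key are assumptions; only the X-API-Key header, the API_KEY variable and the 401 response come from this page.

```javascript
// Added example (not the project's code). X-API-Key, API_KEY and the 401
// response come from the page; all function names here are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Both values are HMAC'd under a per-process random key so timingSafeEqual
// always receives equal-length buffers (it throws on a length mismatch) and
// the comparison time does not depend on how many leading bytes match.
const hmacKey = randomBytes(32);
const digest = (value) =>
  createHmac("sha256", hmacKey).update(value, "utf8").digest();

function keysMatch(presented, configured) {
  return timingSafeEqual(digest(presented), digest(configured));
}

// Returns the HTTP status to answer with before any route handler runs.
// `headers` uses lowercased names, as Node's http module provides them.
function checkApiKey(headers, configuredKey = process.env.API_KEY) {
  // Fail closed: an unset or empty API_KEY must never match an empty header.
  // Answering 500 here is this example's choice; the page does not cover it.
  if (typeof configuredKey !== "string" || configuredKey.length === 0) return 500;
  const presented = headers["x-api-key"];
  // Missing header, or a non-string value such as an array of repeated headers.
  if (typeof presented !== "string" || presented.length === 0) return 401;
  return keysMatch(presented, configuredKey) ? 200 : 401;
}

// Constructed sample requests; the key is a placeholder, not a real secret.
const SAMPLE_KEY = "example-key-for-demo-only";
const samples = [
  { "x-api-key": SAMPLE_KEY },       // valid key
  {},                                // header missing
  { "x-api-key": "wrong" },          // wrong key, different length
  { "x-api-key": SAMPLE_KEY + "x" }, // valid key plus one extra character
];
for (const headers of samples) {
  console.log(JSON.stringify(headers), "->", checkApiKey(headers, SAMPLE_KEY));
}
```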

JWT Bearer (client-side)

Used by the web application for authenticated user actions. Tokens are issued by Clerk.

curl -H "Authorization: Bearer eyJhbG..." https://api.example.com/api/protected/resource

The authMiddleware verifies the token and sets the userId on the request context. Protected routes are not yet mounted, but the middleware is ready.

Public routes

Some endpoints (e.g. form submissions) require no authentication. These are rate-limited and validated via request schemas instead.
