Version 0.3.0
Release Date: February 3, 2026
🔑 API Key Owner Role Authentication
This release introduces Owner role support for API keys, enabling API key authentication as an alternative to JWT tokens for most private endpoints.
What's New
API Key with Owner Role Access
Previously, many endpoints required JWT (Bearer token) authentication only. Now, you can use an API key with Owner role to access the same endpoints. This is useful for:
- Server-to-server integrations - No need to manage JWT token refresh
- Automation scripts - Use long-lived API keys instead of short-lived JWTs
- Third-party integrations - Provide API keys to external services
Supported Endpoints
The following endpoint groups now accept both JWT and API key (Owner role):
| Endpoint Group | Description |
|---|---|
/api/v1/quizzes | Quiz CRUD operations |
/api/v1/questions | Question management |
/api/v1/question-templates | Question template management |
/api/v1/participants | Participant management |
/api/v1/info/* | Dashboard info and analytics |
How to Use
- Create an API key with
Ownerrole via the dashboard or API - Include the header
x-api-key: your-api-keyin your requests - You can use either
x-api-keyORAuthorization: Bearer <token>- both work
# Using API key
curl -H "x-api-key: your-owner-api-key" \
https://api.example.com/api/v1/quizzes
# Using JWT (still works)
curl -H "Authorization: Bearer your-jwt-token" \
https://api.example.com/api/v1/quizzes
API Key Roles
| Role | Access Level |
|---|---|
| Owner | Full access to all private endpoints (same as JWT) |
| User | Limited access for member/client endpoints only |
Breaking Changes
None. Existing JWT authentication continues to work unchanged.
Notes
- API key management endpoints (
/api/v1/apikeys) still require JWT authentication only - Public endpoints remain accessible without authentication
- Member endpoints (
/api/v1/members/*) continue to use User role API keys