Docs
API Reference

Authentication

Authenticate with the Demoship API using API keys or OAuth 2.0.

The Demoship API supports two authentication methods: API keys for server-to-server integrations and OAuth 2.0 for user-facing applications.

API keys

Generating a key

  1. Go to Settings > API > Keys.
  2. Click Create Key.
  3. Name the key and select the scopes it should have.
  4. Copy the key immediately -- it is shown only once.

Using the key

Pass the API key in the Authorization header:

curl https://api.demoship.com/v1/demos \
  -H "Authorization: Bearer dsk_your_api_key"
const response = await fetch('https://api.demoship.com/v1/demos', {
  headers: {
    'Authorization': 'Bearer dsk_your_api_key'
  }
});
const data = await response.json();
import requests

response = requests.get(
    'https://api.demoship.com/v1/demos',
    headers={'Authorization': 'Bearer dsk_your_api_key'}
)
data = response.json()

OAuth 2.0

For applications that act on behalf of a user, use the OAuth 2.0 authorization code flow.

Setup

  1. Go to Settings > API > OAuth Apps.
  2. Click Create App.
  3. Enter a name, redirect URI, and select scopes.
  4. Note the Client ID and Client Secret.

Authorization flow

  1. Redirect the user to the authorization endpoint:
https://app.demoship.com/oauth/authorize?
  client_id=your_client_id&
  redirect_uri=https://yourapp.com/callback&
  response_type=code&
  scope=demos:read demos:write
  1. After the user authorizes, Demoship redirects to your callback with a code.
  2. Exchange the code for an access token:
curl -X POST https://api.demoship.com/v1/oauth/token \
  -d "grant_type=authorization_code" \
  -d "code=the_auth_code" \
  -d "client_id=your_client_id" \
  -d "client_secret=your_client_secret" \
  -d "redirect_uri=https://yourapp.com/callback"

Token refresh

Access tokens expire after 1 hour. Use the refresh token to get a new access token:

curl -X POST https://api.demoship.com/v1/oauth/token \
  -d "grant_type=refresh_token" \
  -d "refresh_token=your_refresh_token" \
  -d "client_id=your_client_id" \
  -d "client_secret=your_client_secret"

Scopes

ScopeAccess
demos:readList and read demos
demos:writeCreate, update, and delete demos
analytics:readRead engagement data
shares:readList share links
shares:writeCreate and manage share links
team:readList team members
team:writeInvite and manage team members
webhooks:writeCreate and manage webhooks

Security best practices

  • Store API keys in environment variables, not in source code
  • Use the minimum scopes required for your integration
  • Rotate keys regularly in Settings > API > Keys
  • Revoke keys immediately if compromised
  • Use OAuth 2.0 for user-facing applications instead of sharing API keys

API Overview

REST API basics -- base URL, versioning, rate limits, and response format.

Endpoints

API endpoints for demos, views, shares, team management, and webhooks.

On this page

API keysGenerating a keyUsing the keyOAuth 2.0SetupAuthorization flowToken refreshScopesSecurity best practices