Authentication

Security is our top priority. To protect your data and ensure that only authorized applications can access your portfolio, all requests to the MyFolioHub API must be authenticated using an API Key.

Generating an API Key

You can manage your API keys directly from your account dashboard:

1. Log in to your MyFolioHub account.
2. Navigate to Settings > Developer Tools > API Keys.
3. Click "Generate New Key".
4. Give your key a descriptive name (e.g., "GitHub Sync Script").
5. Copy the key immediately. For security reasons, we will never show this key to you again. If you lose it, you'll need to delete it and generate a new one.

Using Your API Key

To authenticate a request, include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer YOUR_API_KEY

Key Scopes and Permissions

When generating a key, you can specify its Scope to limit what the key can do. This follows the principle of least privilege, ensuring that if a key is compromised, the potential damage is minimized. Available scopes include:

• portfolio:read: Allows reading portfolio metadata and content.
• portfolio:write: Allows updating portfolio settings and content.
• projects:read: Allows listing and reading project details.
• projects:write: Allows creating, updating, and deleting projects.
• analytics:read: Allows access to visitor and engagement data.

Error Handling

If your request is unauthenticated or uses an invalid key, the API will return a 401 Unauthorized status code. If your key is valid but doesn't have the required scope for the requested action, you'll receive a 403 Forbidden status code.