API Authentication
To protect Garena game networks and ensure prioritized bandwidth allocations, the FFDATA REST API employs an API key token authorization model. All requests to our server endpoints must include a valid Bearer Token inside the headers.
Authorization Headers
API keys are sent inside the standard HTTP Authorization header. The value must use the Bearer prefix, separated by a single space character.
headers = {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
}
}Example Request
Below is a standard cURL command demonstrating bearer token authorization against our Player stats route:
curl -X GET \
"https://ffdata-api.onrender.com/api/v1/player/basic?uid=1738283841®ion=ind" \
-H "Authorization: Bearer YOUR_API_KEY"Credit System Matrix
FFDATA runs a transaction-based pricing mechanism. API actions are charged in credits based on the targeted endpoint and the requested detail level:
| API Route | Basic Detail | Detailed Level | Full Buffers Dump |
|---|---|---|---|
| /api/v1/player/basic | 0.50 Credits | 2.50 Credits | 5.00 Credits |
| /api/v1/workshop/author | 0.50 Credits | 2.50 Credits | 5.00 Credits |
| /api/v1/clan/info | 1.00 Credit | 3.00 Credits | 5.00 Credits |
Credential Security Best Practices
Your API keys grant full access to your query balance and credit lines. Please adhere to these guidelines:
- Never commit keys: Avoid committing API keys inside raw Git repositories or public code folders. Use environment variables (e.g.
FFDATA_API_KEY). - Restrict client usage: Do not use API keys directly inside frontend applications, mobile apps, or browser code. Route all requests through a secure server-side proxy backend to prevent key exposure.
- Rotation: If an API key is accidentally exposed, immediately revoke and regenerate it via the keys manager dashboard panel.
Authentication Errors
When requests fail due to missing or invalid keys, the server rejects the request with HTTP Status 401 Unauthorized:
{
"success": false,
"error": "UNAUTHORIZED",
"error_code": 4001,
"meta": {
"time_ms": 5,
"request_id": "a1b2c3d4-e5f6-a7b8-c9d0-e1f2a3b4c5d6"
}
}
}
}