Authentication

All Fest Connect APIs use simple API key–based authentication to verify requests from self-hosted clients. Each API request must include a valid x-client-id and x-client-secret in the header.

You can generate or manage your API keys from the Fest Connect Self-Hosted Services Portal. Once created, the keys uniquely identify your self-hosted account and allow secure communication with Fest Connect APIs.

Authentication Headers

Include the following headers in every API request:

x-client-id: fstcnt_key_demo_12fa39baf873ce495d2adbc1935
x-client-secret: fstcnt_sec_demo_0a43a21ffb6c4e7eaa43a21ffb6c4e7eaa43a21ffb6

Tip: Keep your client secret safe and never expose it in frontend code or public repositories.

Example Request

Here’s a sample request to fetch all events with proper authentication:

curl -X GET "https://api.festconnect.com/api/public/events" \
  -H "x-client-id: fstcnt_key_demo_12fa39baf873ce495d2adbc1935" \
  -H "x-client-secret: fstcnt_sec_demo_0a43a21ffb6c4e7eaa43a21ffb6c4e7eaa43a21ffb6"

Successful Response

{
  "status": "success",
  "message": "Authenticated successfully",
  "account": {
    "name": "College Fest Portal",
    "type": "self_hosted",
    "created_at": "2025-10-15T10:22:45Z"
  }
}

Error Responses

If your credentials are invalid or missing, you’ll receive one of the following error messages:

401 Unauthorized:
{
  "error": "Missing credentials",
  "message": "Please provide both x-client-id and x-client-secret headers"
}

403 Forbidden:
{
  "error": "Invalid credentials",
  "message": "The provided API keys are inactive or invalid"
}

Fest Connect

Authentication

Authentication Headers

Example Request

Successful Response

Error Responses

On this page