Enterprise APIs
Dark Web API
Authentication

Authentication

Securing access to sensitive breach data is critical. The NordStellar Dark Web API provides robust authentication mechanisms to ensure that only authorized applications and users can access the data. This page explains the available authentication methods, token management, and security best practices.

Authentication Methods

The NordStellar Dark Web API supports two primary authentication methods:

API Key Authentication

API Key authentication is the recommended method for most integrations and provides access to the majority of API endpoints.

How It Works

  1. You'll receive an API key from your account manager
  2. Include this key in the X-API-KEY header with each request
  3. The API validates your key and grants access to the requested resources

Example Header

X-API-KEY: YOUR_API_KEY_HERE

Basic Authentication

Basic Authentication is primarily used for administrative operations, such as:

  • Managing API tokens
  • Configuring webhook endpoints
  • Accessing user management functions

Basic Authentication requires your username and password credentials provided by your account manager.

How It Works

  1. Combine your username and password in the format: username:password
  2. Base64 encode this string
  3. Include the encoded string in the Authorization header with the prefix "Basic "

Example Header

Authorization: Basic base64encoded_credentials_here

Token Management

For applications that need to create and manage multiple API tokens, the Dark Web API provides endpoints for token administration.

Creating API Tokens

You can create new API tokens using the /auth/token endpoint with Basic Authentication:

POST /v3/data/auth/token

This allows you to create unique tokens for different applications or integration points, each with its own identifier for tracking purposes.

Managing API Tokens

The API provides endpoints for:

  • Listing existing tokens
  • Retrieving specific token information
  • Deleting tokens that are no longer needed

This enables you to maintain security through proper token lifecycle management.

Security Best Practices

To maintain the security of your API access, follow these best practices:

API Key Protection

  • Never expose your API key in client-side code
  • Store API keys in secure environment variables or secrets management systems
  • Rotate API keys periodically, especially after staff changes

Access Controls

  • Create separate API keys for different environments (development, staging, production)
  • Use the minimum required permissions for each integration
  • Implement proper IP allowlisting when possible

Rate Limit Management

  • Monitor your rate limits and quotas through response headers
  • Implement proper backoff and retry logic to handle rate limit errors
  • Design your application to distribute requests evenly rather than in bursts

Audit and Monitoring

  • Log all API requests for audit purposes
  • Monitor for unusual patterns that could indicate compromise
  • Rotate compromised credentials immediately

Token Rotation

If you suspect that an API key has been compromised, follow these steps:

  1. Create a new API token using the token creation endpoint
  2. Update your applications to use the new token
  3. Delete the compromised token using the token deletion endpoint
  4. Monitor for any unauthorized use of the old token

By following these authentication best practices, you can securely integrate with the NordStellar Dark Web API while maintaining the confidentiality and integrity of sensitive breach data.

Dark WebRate Limit and Quota
NordStellar © 2026Privacy Policy