Authentication

The Worlds API requires Bearer Token authentication. Include your API key in the Authorization header of every request.

Generate key

You must provide a valid API key to interact with the API.

Cloud
Self-hosted

Generate an API key in the dashboard.

Use the WORLDS_API_KEY environment variable configured on your server. This acts as the root admin key for your instance.

Unprotected mode

For rapid prototyping and local development, the WORLDS_API_KEY is optional.

If you do not provide a WORLDS_API_KEY, the server runs in unprotected mode, granting full administrative access to all requests. Use this state strictly for local development.

Authenticate

Set the header

Configure the Authorization header with your API key:

Authorization: Bearer <YOUR_API_KEY>

Use the SDK

The SDK handles authentication automatically when you initialize the client:

import { WorldsSdk } from "@wazoo/worlds-sdk";

const sdk = new WorldsSdk({
  apiKey: "YOUR_API_KEY",
  baseUrl: "https://api.wazoo.dev",
});

Admin access

Certain endpoints, such as listing all worlds for an account, require an admin API key. In self-hosted environments, use your WORLDS_API_KEY.

API Basics

CLI

Configuration

System Internals

Changelog

API Reference

Generate key

Unprotected mode

Authenticate

Set the header

Use the SDK

Admin access

API Basics

CLI

Configuration

System Internals

Changelog

API Reference

​Generate key

​Unprotected mode

​Authenticate

​Set the header

​Use the SDK

​Admin access

Generate key

Unprotected mode

Authenticate

Set the header

Use the SDK

Admin access