MinBil API Docs
Documentation navigation

Overview

Docs HomeWorkshop StartCarOwner Start

Workshop Onboarding

Get Started01 API key setup02 API key in requests03 Auth testing04 Bearer token calls

Collections

Platform API Collection (Soft Launch)Soft Launch All EndpointsSoft Launch InteractiveFundamentalsCanonical Spec

API Reference

API RootWorkshop IndexWorkshop InteractiveWorkshop Auth InteractiveAll Workshop EndpointsCarOwner IndexCarOwner InteractiveCarOwner Auth InteractiveAll CarOwner EndpointsCore/Common IndexCore InteractiveAll Core Endpoints

Workshop Namespaces

AuthUserProfileWorkshopCoreWorkshopOwnershipRequestContactsAddressesOpeningHoursServicesManagersCertificatesSocialMediaBookingsRatingsServiceHistoryEmailVerificationNotificationsMessagesBrregLookupBookingStatusesCategoriesReportsServiceRecordsUsersAccessV2RealtimePresenceSupport

CarOwner Namespaces

AuthBookingBookingStatusCarBrandsCarOwnerPaymentsCarOwnerServiceRecordsCategoriesFavoritesMarketplaceMarketplaceCompatMarketplaceFiltersMessagesNotificationsPresenceProfileRatingsRealtimeServiceLogSettingsVehicles

Core Namespaces

CoreVehicleServiceHistoryWorkshopCommonCarOwnerCommon

Page Introduction

Onboarding step guide

This step gives implementation-level instructions for frontend engineers integrating authentication and protected Workshop calls.

  • Apply this step in your client API layer before feature work.
  • Use examples directly in local test environment.
  • Move to the next step only when this one is verified.

Choose next step

Back to onboardingOpen workshop auth interactiveOpen workshop try-it

Onboarding Step 2

How to use the API key

The API key is sent in the `x-api-key` header. Without this header, gateway or endpoint authentication will reject the request.

Request template

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";

const api = axios.create({
  baseURL: BASE_URL,
  timeout: 20000,
  headers: {
    "Content-Type": "application/json",
    "x-api-key": API_KEY,
  },
});

Error handling

try {
  const response = await api.post("/api/ws/auth/forgot-password", {
    email: "demo@minbil.no",
  });

  console.log(response.data);
} catch (error: any) {
  const status = error.response?.status;
  const detail = error.response?.data?.detail ?? error.message;

  if (status === 401 || status === 403) {
    console.error("Invalid or missing API key", detail);
  } else {
    console.error("Request failed", detail);
  }
}

Best practices

  • Use different keys for dev/test/prod.
  • Rotate keys immediately if you suspect a leak.
  • Never log API keys in frontend console output or server logs.