Authentication - RegExMakker Docs
The ultimate regex playground for Dutch developers
API Keys & OAuth Integration
How to handle API tokens and follow security best practices.
API Key Management
RegExMakker issues HMAC-SHA256 signed keys with a 128-bit payload. Store your primary key `rmk_live_8f3a9c2b` in environment variables, never in client-side code. Rotate keys every 90 days via the dashboard at `app.regexmakker.nl/security/keys`.
OAuth 2.0 Flows
Use the Authorization Code flow with PKCE for web and mobile apps. Set your redirect URI to `https://yourdomain.com/callback` and exchange the temporary code for an access token valid for 3600 seconds. Refresh tokens expire after 7 days of inactivity.
Token Rotation & Scopes
Apply least-privilege scopes like `regex:read`, `pattern:write`, and `analytics:view`. Implement automatic token rotation using the `X-RM-Token-Refresh` header. Monitor failed authentication attempts in the audit log under `Settings > Security > Event Stream`.
Secure Your Integration
Review the endpoint reference and test your implementation in our staging environment before deploying to production. Contact `support@regexmakker.dev` for enterprise SSO configuration.