API Authentication

Learn how to authenticate with the Cool Web Tool API and make secure requests to access your data.

Authentication Overview

The Cool Web Tool API uses session-based authentication for security and simplicity. All API requests must include proper authentication headers to access your account data.

Authentication Methods:

  • Session-based authentication
  • CSRF token protection
  • Secure cookie handling
  • Rate limiting per user

Security Features:

  • HTTPS required
  • Session timeout
  • IP-based rate limiting
  • Audit logging

Getting Started

1. Login to Your Account

First, log in to your Cool Web Tool account through the web interface. This establishes your session and authentication cookies.

2. Get CSRF Token

Retrieve a CSRF token from the API to protect against cross-site request forgery attacks.

3. Make API Requests

Include your session cookies and CSRF token in all API requests to authenticate properly.

Authentication Flow

Step 1: Get CSRF Token

curl -X GET "https://api.coolwebtool.com/api/v1/auth/csrf/" \
-H "Cookie: sessionid=your_session_cookie"

Response:

{"csrfToken": "abc123def456ghi789"}

Step 2: Make Authenticated Request

curl -X GET "https://api.coolwebtool.com/api/v1/projects/" \
-H "Cookie: sessionid=your_session_cookie" \
-H "X-CSRFToken: abc123def456ghi789"

Response:

{"data": [{"id": "project-uuid", "name": "My Website", "domain": "example.com"}]}

Code Examples

JavaScript/Node.js

const axios = require('axios');

// Node's axios adapter keeps no cookie jar, so the session cookie is sent explicitly;
// withCredentials only matters in browsers, where the cookie is attached automatically.
const api = axios.create({
  baseURL: 'https://api.coolwebtool.com/api/v1',
  withCredentials: true,
  headers: { Cookie: 'sessionid=your_session_cookie' },
});

// Step 1: fetch the CSRF token for this session
const getCSRFToken = async () => {
  const response = await api.get('/auth/csrf/');
  return response.data.csrfToken;
};

// Step 2: send it as X-CSRFToken on every authenticated request
const listProjects = async () => {
  const csrfToken = await getCSRFToken();
  const response = await api.get('/projects/', { headers: { 'X-CSRFToken': csrfToken } });
  return response.data.data;
};

Python

import requests

# A Session persists cookies across requests
session = requests.Session()
session.cookies.set('sessionid', 'your_session_cookie')
# Step 1: get the CSRF token for this session
csrf_response = session.get('https://api.coolwebtool.com/api/v1/auth/csrf/')
csrf_response.raise_for_status()  # a 401 here means the session cookie is invalid
csrf_token = csrf_response.json()['csrfToken']
# Step 2: send it as X-CSRFToken on every authenticated request
projects = session.get('https://api.coolwebtool.com/api/v1/projects/',
                       headers={'X-CSRFToken': csrf_token})
projects.raise_for_status()

PHP

<?php
$session_cookie = 'your_session_cookie';
// Step 1: get the CSRF token for this session
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.coolwebtool.com/api/v1/auth/csrf/');
curl_setopt($ch, CURLOPT_COOKIE, "sessionid=$session_cookie");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$csrf_response = curl_exec($ch);
$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);
if ($csrf_response === false || $status !== 200) {
    throw new RuntimeException("CSRF token request failed (HTTP $status)");
}
$csrf_data = json_decode($csrf_response, true);
$csrf_token = $csrf_data['csrfToken'];
// Step 2: send "X-CSRFToken: $csrf_token" via CURLOPT_HTTPHEADER on every authenticated request

Error Handling

401 Unauthorized

Your session has expired or is invalid. Re-authenticate by logging in again.

403 Forbidden

You don't have permission to access this resource. Check your subscription tier.

429 Too Many Requests

You've exceeded your rate limit. Wait before making more requests.

Best Practices

Store Tokens Securely

Never hardcode authentication tokens in your code. Use environment variables or secure storage.

Handle Session Expiry

Implement proper error handling for expired sessions and re-authentication flows.

Respect Rate Limits

Implement exponential backoff when hitting rate limits to avoid being blocked.

Use HTTPS

Always use HTTPS for API requests to ensure your authentication data is encrypted.

Rate Limiting

API requests are rate-limited based on your subscription tier to ensure fair usage and system stability.

Free Tier

100 requests/hour

Starter Plan

500 requests/hour

Professional Plan

2000 requests/hour

Rate Limit Headers

API responses include headers showing your current usage:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 85
X-RateLimit-Reset: 1640995200
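The pieces above (session cookie plus X-CSRFToken on every call, 401/403/429 handling, exponential backoff and the X-RateLimit-Remaining header) fit together in one small client. This is an added example, not code from the Cool Web Tool documentation; the `send` transport and `sleep` hook are injected so the flow can be exercised offline, and `Response` is a constructed stand-in for a real HTTP response.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Response:
    # Constructed stand-in for an HTTP response (a real client would use requests.Response).
    status: int
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)

class SessionExpired(Exception):
    """401: the sessionid cookie is invalid or expired; log in again to get a new one."""

class CoolWebToolClient:
    BASE = "https://api.coolwebtool.com/api/v1"

    def __init__(self, session_cookie, send, sleep=time.sleep, max_retries=3):
        # `send(method, url, headers) -> Response` and `sleep` are injected (assumed seams, not API).
        self.cookie = f"sessionid={session_cookie}"
        self.send, self.sleep, self.max_retries = send, sleep, max_retries
        self.csrf_token = None   # fetched once per session, then reused
        self.remaining = None    # last X-RateLimit-Remaining value seen

    def _headers(self):
        headers = {"Cookie": self.cookie}
        if self.csrf_token:
            headers["X-CSRFToken"] = self.csrf_token
        return headers

    def request(self, method, path):
        if self.csrf_token is None:
            # Step 1 of the flow: GET /auth/csrf/ with the session cookie only.
            r = self.send("GET", self.BASE + "/auth/csrf/", self._headers())
            if r.status == 401:
                raise SessionExpired("re-login required")
            self.csrf_token = r.body["csrfToken"]
        for attempt in range(self.max_retries + 1):
            # Step 2: session cookie plus X-CSRFToken on every request.
            r = self.send(method, self.BASE + path, self._headers())
            if "X-RateLimit-Remaining" in r.headers:
                self.remaining = int(r.headers["X-RateLimit-Remaining"])
            if r.status == 401:
                raise SessionExpired("re-login required")
            if r.status == 403:
                raise PermissionError(f"{path}: forbidden, check subscription tier")
            if r.status != 429:
                return r
            self.sleep(2 ** attempt)  # 429: exponential backoff 1s, 2s, 4s, ...
        raise RuntimeError(f"{path}: still rate limited after {self.max_retries} retries")
```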

Next Steps

Projects API

Learn how to manage projects and websites through the API.

SEO Endpoints

Access SEO analysis and audit data programmatically.

Rate Limiting

Understand rate limits and implement proper handling.