Authentication

All API requests require authentication using an API key.

Getting an API Key

1. Visit wtfisthiscve.com/dashboard
2. Sign in with GitHub, Google, or Microsoft
3. Your API key will be displayed in the API Keys tab

Sign-In Options

You can sign in using any of these OAuth providers:

• GitHub - /auth/github
• Google - /auth/google
• Microsoft - /auth/microsoft

All providers give you the same access. You can link multiple providers to your account for flexible sign-in.

Using Your API Key

Include your API key in the X-API-Key header:

curl -H "X-API-Key: your-api-key" \
  https://wtfisthiscve.com/api/cve/CVE-2021-44228

Rate Limits

• 100 requests per minute per API key
• Rate limit headers are included in responses:
  • X-RateLimit-Limit: Maximum requests per window
  • X-RateLimit-Remaining: Remaining requests in current window
  • X-RateLimit-Reset: Unix timestamp when the window resets

Dashboard

The dashboard provides access to:

• API Keys - View and copy your API key
• Account - View connected providers, link new accounts, update email
• Privacy - Export your data, delete your account

Security

• Keep your API key secret
• Do not commit API keys to version control
• Use environment variables to store your key:

export WTF_API_KEY="your-api-key"

If your API key is compromised, sign in again to generate a new one.