API Authentication
The Breakwater API uses HTTP Basic authentication with vendor auth tokens.
Creating an API Token
- Log in to the vendor portal
- Navigate to Auth Tokens
- Click Create Auth Token
- Select your vendor as the token owner
- Save the generated username and password securely
Important: The password is only shown once. Store it in a secure location like a password manager or secrets vault.
Making Authenticated Requests
Include your credentials in the Authorization header using Basic authentication:
```shell
curl -u "vtok_username:your_password" \
  https://app.breakwaterapp.com/api/v1/vendor/products
```
Or encode the credentials manually:
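```shell
# Base64-encode "username:password". printf is portable where echo -n is not,
# and tr removes the line wraps base64 adds to long output.
CREDENTIALS=$(printf '%s' "vtok_username:your_password" | base64 | tr -d '\n')
curl -H "Authorization: Basic $CREDENTIALS" \
  https://app.breakwaterapp.com/api/v1/vendor/products
```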
Token Types
Breakwater uses prefixed tokens to indicate their purpose:
| Prefix | Type | Permissions |
|---|---|---|
| vtok_ | Vendor | API access, push and pull images |
| ctok_ | Customer | Pull images only |
Only vendor tokens (vtok_) can access the API. Customer tokens are for Docker registry authentication only.
Token Management
Tokens can be revoked at any time from the vendor portal. Revoked tokens immediately lose access to both the API and the Docker registry.
Security Best Practices
- Store tokens securely (environment variables, secrets manager)
- Rotate tokens periodically
- Use separate tokens for different environments (staging, production)
- Revoke tokens immediately if compromised
- Never commit tokens to version control
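
The practices above, combined with the request format from Making Authenticated Requests, as an added example that is not part of Breakwater's own documentation. The environment variable names `BREAKWATER_TOKEN_USER` and `BREAKWATER_TOKEN_PASS` and both function names are assumptions. The token prefix is checked before any request is sent, and the header reaches curl on stdin so the password never appears in the process argument list.

```shell
# Added example. Assumed names: BREAKWATER_TOKEN_USER, BREAKWATER_TOKEN_PASS,
# bw_auth_header, bw_api_get. The two variables are expected to be injected
# by a secrets manager or CI secret store, never written into the script.

BW_API_BASE="https://app.breakwaterapp.com/api/v1"

# Print the Basic Authorization header for the configured token.
# Returns 1 if a variable is missing, 2 if the token is not a vendor token.
bw_auth_header() {
    if [ -z "${BREAKWATER_TOKEN_USER:-}" ] || [ -z "${BREAKWATER_TOKEN_PASS:-}" ]; then
        echo "BREAKWATER_TOKEN_USER and BREAKWATER_TOKEN_PASS must be set" >&2
        return 1
    fi
    case "$BREAKWATER_TOKEN_USER" in
        vtok_*) ;;
        ctok_*) echo "customer tokens (ctok_) cannot access the API" >&2; return 2 ;;
        *)      echo "unrecognised token prefix" >&2; return 2 ;;
    esac
    # tr strips the line wraps base64 inserts for long inputs.
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$BREAKWATER_TOKEN_USER" "$BREAKWATER_TOKEN_PASS" | base64 | tr -d '\n')"
}

# GET an API path, e.g.: bw_api_get /vendor/products
# The header is passed as a curl config line on stdin (-K -) instead of on
# the command line, so it is not visible in ps output or shell history.
bw_api_get() {
    header=$(bw_auth_header) || return $?
    printf 'header = "%s"\n' "$header" |
        curl --silent --show-error --fail -K - "${BW_API_BASE}$1"
}
```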