b3ni/quasar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
907d3042bc49788a23d7876e103e7aacdb784a2e
quasar/docs/API_KEYS.md
Benito Rodríguez 9befb8db6c docs: add SECURITY.md and API_KEYS.md documentation 
- Create SECURITY.md with vulnerability reporting policy
- Add environment variables & secrets best practices
- Document input validation and rate limiting strategies
- Create docs/API_KEYS.md with step-by-step API credential guides
  - IGDB OAuth 2.0 via Twitch setup
  - RAWG API key simple registration
  - TheGamesDB API key registration
- Update README.md with security and API configuration sections
- Add tests/documentation.spec.ts with 12 validation tests
2026-02-12 20:17:58 +01:00

2.5 KiB
Raw Blame History

Obtaining API Keys

This guide explains how to get credentials for each metadata service.

IGDB (Internet Game Database)

IGDB uses OAuth 2.0 via Twitch. Steps:

  1. Go to Twitch Developer Console
  2. Sign in with your Twitch account (create one if needed)
  3. Click "Create Application"
    • Name: "Quasar" (or your app name)
    • Category: Select relevant category
    • Accept terms, click Create
  4. You'll see:
    • Client ID — Copy this
    • Click "New Secret" to generate Client Secret — Copy this
  5. Go to Settings → OAuth Redirect URLs
    • Add: http://localhost:3000/oauth/callback (development)
    • For production: https://yourdomain.com/oauth/callback
  6. In your .env file: 
    IGDB_CLIENT_ID=your_client_id
IGDB_CLIENT_SECRET=your_client_secret
  7. Start Quasar, it will use IGDB automatically

Rate Limit: 4 requests/second

RAWG (Rawg.io)

RAWG has a simpler API Key approach:

  1. Go to RAWG Settings
  2. Sign up if needed, then login
  3. Find "API Key" section
  4. Click "Create new key" (if needed) or copy existing key
  5. In your .env file: 
    RAWG_API_KEY=your_api_key_here
  6. Start Quasar

Rate Limit: 20 requests/second (free tier)

Note: RAWG requires attribution in UI (include "Powered by RAWG" somewhere visible)

TheGamesDB (thegamesdb.net)

TheGamesDB uses a simple API Key:

  1. Go to TheGamesDB API
  2. Find "API Key" section (free registration required)
  3. Register or login
  4. Copy your API key
  5. In your .env file: 
    THEGAMESDB_API_KEY=your_api_key_here
  6. Start Quasar

Rate Limit: 1 request/second (free tier)

Testing Without Real Keys

For development/testing:

  • Leave API keys as your_*_here in .env.local
  • Quasar will gracefully degrade and show limited metadata
  • Frontend will still work with manual game entry

Production Deployment

For production:

  1. Generate new keys on each service (don't reuse dev keys)
  2. Store keys in Gitea Secrets (for CI/CD)
  3. Or use environment variables on your hosting provider
  4. Rotate keys every 3 months
  5. Monitor rate limits in service dashboards

Troubleshooting

"IGDB_CLIENT_ID not found" → Check .env file exists and has correct format

"429 Too Many Requests" → Rate limit exceeded, wait and retry

"Invalid API Key" → Copy key exactly (no spaces), verify it's active on service website

Reference in New Issue View Git Blame Copy Permalink