~2 min read
API basics
Your server talks to Qyzar over HTTPS. The browser SDK handles the live connection internally — you rarely call that layer yourself.
URLs
- HTTP (production):
https://apisecure.qyzar.eu - Default live host (used by the SDK):
wss://ws1.qyzar.eu
Who authenticates how
- Dashboard user — your Qyzar login for project settings.
- Project secret — server-only; token mint, session verify, metadata.
- Client token — browser JWT from client tokens; not enough to trust your API alone.
HTTP bodies
Success responses are often wrapped as { "data": … }. Errors include error and sometimes requestId.
Prefer the server package
Use @tnuser/qyzar-server instead of hand-rolling fetch for /projects/client/* routes. See HTTP routes for the full list.