QODRYX is an AI-powered DevOps platform that provides comprehensive security scanning, automated testing, one-click deployment, and real-time performance monitoring. It's designed to help development teams ship secure, tested code faster.

How does QODRYX secure AI-generated code?

QODRYX uses multiple security scanning tools including SAST (Static Application Security Testing), secret detection, dependency scanning, and AI-specific vulnerability patterns to identify security issues in AI-generated code before it reaches production.

What deployment platforms does QODRYX support?

QODRYX supports deployment to Vercel, Railway, Docker containers, and any VPS via SSH. It provides one-click deployment with automatic rollback capabilities.

Does QODRYX offer a free plan?

Yes, QODRYX offers a free plan that includes 50 security scans per month, 1 AI provider integration, and 3 deployments per month. Perfect for individual developers and small projects.

How does QODRYX compare to other DevOps tools?

Unlike single-purpose tools, QODRYX provides an all-in-one solution covering security, testing, deployment, and monitoring. It's specifically designed for AI-assisted development workflows and includes features like AI code review, cost tracking, and compliance automation.

Authentication

Secure access to the QODRYX API

Overview

The QODRYX API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard Settings. All API requests must include a valid API key in the header.

Keep Your API Keys Secure

Your API keys carry many privileges. Do not share them in client-side code, public repositories, or expose them in any way.

Authentication Methods

API Keys

API keys are the primary authentication method for server-to-server communication:

# Include your API key in the Authorization header
curl -X GET "https://api.qodryx.com/v1/projects" \
  -H "Authorization: Bearer qx_live_abc123def456..."

# Or use the X-API-Key header
curl -X GET "https://api.qodryx.com/v1/projects" \
  -H "X-API-Key: qx_live_abc123def456..."

API Key Types

Type	Prefix	Use Case
Live	qx_live_	Production environment
Test	qx_test_	Development/testing
Read-only	qx_ro_	Read-only access

Personal Access Tokens (PAT)

PATs are useful for CLI tools and personal automation scripts:

# Generate a PAT from Dashboard → Settings → API Keys → Create Personal Token

# Use in CLI
qodryx auth login --token qx_pat_abc123...

# Use in API requests
curl -X GET "https://api.qodryx.com/v1/user" \
  -H "Authorization: Bearer qx_pat_abc123..."

OAuth 2.0

For applications that need to act on behalf of users:

# 1. Redirect user to authorization URL
https://auth.qodryx.com/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  response_type=code&
  scope=read:projects write:workflows&
  state=RANDOM_STATE_STRING

# 2. Exchange authorization code for access token
POST https://auth.qodryx.com/oauth/token
Content-Type: application/json

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "code": "AUTHORIZATION_CODE",
  "redirect_uri": "YOUR_REDIRECT_URI",
  "grant_type": "authorization_code"
}

# 3. Response
{
  "access_token": "qx_oauth_abc123...",
  "refresh_token": "qx_refresh_xyz789...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "read:projects write:workflows"
}

Creating API Keys

Go to API Settings

Navigate to Dashboard → Settings → API Keys

Create New Key

Click 'Create API Key' and give it a descriptive name

Set Permissions

Choose the scopes and permissions for this key

Copy Key

Copy the key immediately - it won't be shown again

Scopes & Permissions

API keys can be restricted to specific scopes:

Scope	Description
read:projects	View projects and their settings
write:projects	Create and modify projects
read:workflows	View workflows and their status
write:workflows	Create, trigger, and modify workflows
read:security	View security scan results
write:security	Trigger scans and manage findings
read:deployments	View deployment history and status
write:deployments	Trigger deployments and rollbacks

SDK Authentication

JavaScript/TypeScript

import { Qodryx } from '@qodryx/sdk';

// Initialize with API key
const client = new Qodryx({
  apiKey: process.env.QODRYX_API_KEY,
});

// Make authenticated requests
const projects = await client.projects.list();

Python

from qodryx import Qodryx

# Initialize with API key
client = Qodryx(api_key=os.environ['QODRYX_API_KEY'])

# Make authenticated requests
projects = client.projects.list()

CLI

# Authenticate CLI
qodryx auth login

# Or use environment variable
export QODRYX_API_KEY=qx_live_abc123...
qodryx projects list

Token Refresh

OAuth access tokens expire after 1 hour. Use the refresh token to get a new access token:

POST https://auth.qodryx.com/oauth/token
Content-Type: application/json

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "refresh_token": "qx_refresh_xyz789...",
  "grant_type": "refresh_token"
}

Error Responses

Authentication errors return appropriate HTTP status codes:

Status	Description	Solution
401	Invalid or missing API key	Check your API key is correct
403	Insufficient permissions	Check API key scopes
429	Rate limit exceeded	Implement backoff and retry

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key provided",
    "details": "The API key 'qx_live_...' does not exist or has been revoked"
  }
}

Security Best Practices

Recommendations

Store API keys in environment variables, never in code
Use the minimum required scopes for each key
Rotate API keys regularly (every 90 days recommended)
Use separate keys for different environments (dev, staging, prod)
Revoke compromised keys immediately in the dashboard