When it comes to accessing the APIs, there are 2 main actors right now:
users who access APIs via widget who can list notifications, mark them as seen and read.
Systems which can create notifications for the above said users.
Right now, APIs accessible via widget are authorized based on bunch of headers. They are:
X-MAGICBELL-USER-EMAIL A header to specify User (Recipient) email
X-MAGICBELL-API-KEY A header to specify API key of the project
X-MAGICBELL-USER-HMAC A header to specify computed HMAC for User email
X-MAGICBELL-API-SECRET A header to specify API secret of the project.