Authentication

Learn how to authenticate your requests to our API.

Authentication Methods

Our platform supports multiple authentication methods to suit different use cases:

API Key Authentication

API keys are the simplest way to authenticate with our API. Each key is associated with your account and has specific permissions.

Security Note

Keep your API keys secure and never expose them in client-side code.

How to use API Keys

Include your API key in the Authorization header of your requests:

curl -X GET "https://api.example.com/v1/data" \
  -H "Authorization: Bearer YOUR_API_KEY"

bash

When using our SDK, you can configure the API key during initialization:

import { Client } from '@acme/sdk';

const client = new Client({
  apiKey: 'YOUR_API_KEY',
});

// The SDK will automatically include your API key in all requests
const data = await client.getData();

javascript

Best Practices

Secure Storage

Always store authentication credentials securely:

Never hardcode API keys or secrets in your source code
Use environment variables or secure credential storage
For client-side applications, use secure HTTP-only cookies or secure storage mechanisms

Token Management

Implement proper token lifecycle management:

Implement token refresh mechanisms for OAuth and JWT
Revoke tokens when they're no longer needed
Implement token rotation for long-lived sessions

Scoped Access

Use the principle of least privilege:

Request only the permissions your application needs
Create different API keys for different environments (development, staging, production)
Use read-only keys when write access is not required

Was this page helpful?

Last updated on 3/19/2025