Authentication & Security

Secure access to the Delphin API through API keys, OAuth2, and service accounts.

All API requests must be authenticated with a valid Authorization header.

Bearer Token Example

curl -H "Authorization: Bearer YOUR_API_KEY" https://api.delphin.io/analyze

Security Highlights

  • Token-based authentication
  • OAuth2.0 integration
  • Role-based access control (RBAC)

Authentication Options

1. API Keys

How to get started

  1. Go to your developer dashboard
  2. Create a new API key with appropriate scopes
  3. Use in the Authorization header as Bearer {KEY}

POST /api/v1/analyze
{
  "content": "Authentication works with your API key in the header",
  "format": "json"
}

2. OAuth2.0 Integration

OAuth2.0 Flow

  • Client credentials grant for service accounts
  • Authorization code grant for end-users
  • Scopes control access levels

Security Note:

OAuth2 tokens must be transmitted over HTTPS. Never expose tokens in client-side code.

POST /token
curl -X POST \
  https://api.delphin.io/auth/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -u "{CLIENT_ID}:{CLIENT_SECRET}" \
  -d 'grant_type=client_credentials'

Response:
{
  "access_token": "A1B2C3D4E5F6...",
  "token_type": "Bearer",
  "expires_in": 3600
}

3. Token Management

Security Best Practices

Rotating Secrets: 48h
Token Expiry (API Key): 720h
Token Expiry (OAuth): 1h

  • Store secrets in secure credential managers
  • Monitor token usage in API dashboard
  • Use short-lived temporary tokens

Token Expiry Management

Our API automatically refreshes tokens after 90% of their lifetime has elapsed when using the OAuth2.0 client credentials flow.
