
Authentication

Securely authenticate API requests using API keys, OAuth2, or JWT tokens.

API Key Authentication

Obtain Your API Key

Generate API keys from your Dashboard. Store them securely and rotate them regularly.

# Example API key format
eggeia_sk_1234567890abcdef
                    

Usage Example

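curl -X GET \
  https://api.eggeia.com/api/v1/data \
  -H 'Authorization: Bearer YOUR_API_KEY'

// Server-side code only: the key must never ship to a browser or mobile client.
const client = new Eggeia.Client({
  apiKey: 'YOUR_API_KEY'
});

client.data.get()
  .then(response => console.log('Success:', response))
  // A rejected promise here usually means a 401/403; see Error Responses.
  .catch(error => console.error('Request failed:', error));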

                        
Security Tip:

Never expose API keys in client-side code. Use server middleware for sensitive operations.

OAuth2 Integration

Authorization Code Flow

Use OAuth2 for third-party applications needing user permission. Redirect users to our authorization endpoint:

# Authorization URL example (split across lines for readability; redirect_uri is URL-encoded)
https://api.eggeia.com/oauth2/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&
response_type=code&
scope=read%20write
                    

Token Exchange

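# Run this from your server: client_secret must never reach the browser.
# RFC 6749 requires redirect_uri here when it was sent in the authorization request.
curl -X POST https://api.eggeia.com/oauth2/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=YOUR_CLIENT_ID' \
  -d 'client_secret=YOUR_CLIENT_SECRET' \
  -d 'code=AUTHORIZATION_CODE' \
  --data-urlencode 'redirect_uri=https://yourapp.com/callback' \
  -d 'grant_type=authorization_code'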
                        
// After receiving access token
fetch('https://api.eggeia.com/api/v1/data', {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  }
});
                        

Tip: OAuth2 tokens expire after 60 minutes. Use refresh tokens for longer sessions.

JWT Authentication

How JWT Works

JSON Web Tokens (JWT) authenticate users directly. This method is useful for mobile applications or user-facing systems.

{
  "sub": "user@example.com",
  "exp": 1725175296,
  "iat": 1725171696,
  "iss": "https://api.eggeia.com",
  "scope": "read write"
}
                    

Implementation

curl -X GET https://api.eggeia.com/api/v1/user \
  -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIO...'
                    

Security Note: Always use HTTPS and store signing keys securely. JWTs should be short-lived and signed with strong algorithms.
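
The checks a verifier would apply to a token carrying the claims shown above, as an added example (not Eggeia's code). It assumes HS256 with a shared key; signJwt, verifyJwt, the option names, and the sample key and clock are hypothetical and constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, input) => crypto.createHmac('sha256', key).update(input).digest();

// Builds constructed sample tokens for this example only.
function signJwt(header, claims, key) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(key, input))}`;
}

// Returns the claims when every check passes; throws otherwise.
function verifyJwt(token, key, { issuer, requiredScope, now, maxLifetime = 3600 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

  // Pin the algorithm; the token's header must not choose it (rejects "none").
  if (decode(h).alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the MAC over header.payload and compare in constant time.
  const expected = hmac(key, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  // Claims are trusted only after the signature check.
  const c = decode(p);
  if (!Number.isInteger(c.exp) || !Number.isInteger(c.iat)) throw new Error('missing exp/iat');
  if (c.exp <= now) throw new Error('expired');
  if (c.exp - c.iat > maxLifetime) throw new Error('lifetime too long');
  if (c.iss !== issuer) throw new Error('wrong issuer');
  if (!String(c.scope || '').split(' ').includes(requiredScope)) throw new Error('insufficient scope');
  return c;
}

// Constructed sample: the claims from the payload above, a throwaway key, a fixed clock.
const SAMPLE_KEY = crypto.randomBytes(32);
const SAMPLE_CLAIMS = { sub: 'user@example.com', exp: 1725175296, iat: 1725171696,
  iss: 'https://api.eggeia.com', scope: 'read write' };
const SAMPLE_OPTS = { issuer: 'https://api.eggeia.com', requiredScope: 'read', now: 1725172000 };
const sampleToken = signJwt({ alg: 'HS256', typ: 'JWT' }, SAMPLE_CLAIMS, SAMPLE_KEY);
console.log(verifyJwt(sampleToken, SAMPLE_KEY, SAMPLE_OPTS).sub);
```

In production, pass the current Unix time as now; the fixed value here only keeps the sample token inside its validity window.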

Error Responses

Status Code      | Description                    | Solution
401 Unauthorized | Missing or invalid credentials | Verify header format and key validity
403 Forbidden    | Insufficient scope             | Re-authenticate with required permissions
400 Bad Request  | Malformed request body         | Validate JSON structure and encoding

Ready to Implement?

You've now learned how to authenticate with API keys, OAuth2 codes, and JWTs. Try the interactive sandbox for live testing.