Secure Authentication

Learn how to authenticate and authorize with Ensot's developer platform using API keys, OAuth 2.0, and JWT tokens.

Authentication Options

API Keys

Simple and direct authentication method suitable for server-to-server communication.


Authorization: Bearer YOUR_API_KEY

OAuth 2.0

Secure third-party access with refresh tokens and user consent workflows.


POST /token
Client-Id: XXX
Client-Secret: XXX
Grant-Type: authorization_code

JWT Tokens

Stateless authentication with encoded claims and JSON Web Signatures.


{
  "Authorization": "Bearer XXX.JWT.XXX",
  "alg": "HS256",
  "exp": 1629306989
}

Security Best Practices

Store credentials in environment variables
Use HTTPS in production environments
Rotate credentials every 90 days
Never embed credentials in client-side code

Code Example


// Example API call with authentication
fetch('https://api.ensot.com/v1/users/me', {
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_API_KEY'
  }
})
.then(response => response.json())
.then(data => console.log(data));

🛡️ Replace 'YOUR_API_KEY' with your actual token from the Developer Console.

Start Building