Authentication

Secure access to your local development APIs using bearer tokens or API keys.

← Back to API Docs

Authentication methods

Bearer Token Authentication

Bearer Tokens

Use OAuth2-style bearer tokens for client applications. Ideal for browser-based apps and mobile clients with token refresh capabilities. 

Authorization: Bearer
View API Docs

Token Lifecycle

  • Short-lived access tokens (72 hours)
  • Refresh tokens stored securely in your browser
  • Automated refresh handled by SDKs
Refresh Token Management

API Key Authentication

Long-Lived API Keys

Server-to-server authentication for background tasks or automated systems. Generated through the developer dashboard. 

X-API-Key:
Manage API Keys

Secure Management

  • Scoped to specific resources or APIs
  • Revoked anytime from dashboard
  • Expiring keys for temporary access
Key Rotation Guide

Code Examples

JavaScript Bearer Token 
fetch('https://api.dev.local/api/users', {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  }
})
.then(response => response.json())
.then(data => console.log(data))
View API Details
cURL API Key 
curl -X GET 'https://api.dev.local/api/projects' \
  -H 'X-API-Key: YOUR_API_KEY'
Key Management