Authentication

Secure your APIs with bearer tokens and API keys for different deployment scenarios.

Secure APIs

Bearer Token Authentication

Access Tokens

Secure API access with bearer tokens that follow OAuth2.0 best practices. Tokens are short-lived and require periodic refresh. 

Authorization: Bearer
Token Management
JavaScript 
fetch('https://api.dev.local/secure-endpoint', {
  headers: {
    'Authorization': 'Bearer '
  }
})
.then(response => {
  if (response.status === 401) {
    // Handle token refresh logic
  }
  return response.json();
});

Tokens expire after 72 hours. Use refresh tokens or generate new tokens via the Authentication API endpoint.

Token Rotation

API Key Authentication

Server Credentials

Long-lived API keys for server-to-server communication. Use when client applications cannot support bearer tokens. 

X-API-Key:
Manage Keys
cURL 
curl -X GET 'https://api.dev.local/secure' \
  -H 'X-API-Key: YOUR_LONG_LIVED_KEY'

Ideal for scheduled jobs or infrastructure integrations that need persistent access.

Key Security

Security Best Practices

Never Embed Keys

Avoid hardcoding keys or tokens in client-side code. Use secure secrets management for runtime injection.

Security Guide

Use HTTPS

Always configure TLS/SSL for all authenticated endpoints to prevent credential interception.

TLS Configuration

Related Documentation

Token Refresh Security Guide Auth Config