Auth Token
Endpoints
Auth Token
Exchange an API key for a JWT bearer token
POST
Auth Token
Exchange your API key for a short-lived JWT token. Use this token in the
Authorization header for all protected endpoints.
Request
Your API key, provided during Account Setup. Format:
eval-api-key-<unique-hash>Must be
application/jsonResponse
JWT token to include in the
Authorization: Bearer header on subsequent requestsAlways
"bearer"Token lifetime in seconds. Default:
7200 (2 hours)Example Request
Example Response
Error Responses
401 — Missing API Key
401 — Invalid API Key
Notes
- Tokens expire in 2 hours (7200 seconds). Request a new token before expiry.
- Tokens cannot be refreshed or extended.
- Store tokens securely. Never expose API keys in client-side code.
Related
- Authentication — Full authentication guide with best practices
- Environments — Base URLs for staging and production
