Authentication Flow
- Obtain your API key during Account Setup
- Exchange your API key for a JWT token using the
/auth/tokenendpoint - Include the token in the
Authorizationheader on every API request
Get a JWT Token
Exchange your API key for a short-lived JWT token. Endpoint:POST /auth/token
Pass your API key in the X-API-Key header:
- Token expires in 2 hours (7200 seconds)
- Tokens cannot be refreshed or extended — request a new one before expiry
Use the Token
Include the token in theAuthorization header for all protected endpoints:
Error Responses
Best Practices
-
Token Management:
- Cache tokens and refresh before expiration
- Handle 401 errors by requesting a new token
- Never hardcode tokens
-
Security:
- Never expose API keys in client-side code
- Use environment variables for API keys
- Rotate API keys periodically
-
Error Handling:
- Always check response status codes
- Implement retry logic for 401 errors — see Retry Logic
- Log authentication errors for debugging
