Skip to main content
All SNH AI services use JWT (JSON Web Tokens) for authentication. The flow is the same regardless of which service you are using.

Authentication Flow

  1. Obtain your API key during Account Setup
  2. Exchange your API key for a JWT token using the /auth/token endpoint
  3. Include the token in the Authorization header on every API request

Get a JWT Token

Exchange your API key for a short-lived JWT token. Endpoint: POST /auth/token Pass your API key in the X-API-Key header:
Response:
  • Token expires in 2 hours (7200 seconds)
  • Tokens cannot be refreshed or extended — request a new one before expiry
See the Auth Token endpoint reference for full request/response details.

Use the Token

Include the token in the Authorization header for all protected endpoints:

Error Responses

Best Practices

  1. Token Management:
    • Cache tokens and refresh before expiration
    • Handle 401 errors by requesting a new token
    • Never hardcode tokens
  2. Security:
    • Never expose API keys in client-side code
    • Use environment variables for API keys
    • Rotate API keys periodically
  3. Error Handling:
    • Always check response status codes
    • Implement retry logic for 401 errors — see Retry Logic
    • Log authentication errors for debugging