Integration Authentication

Learn how to authenticate your API requests and manage access tokens.

Authentication Methods

API Keys

Simple authentication using static API keys. Best for server-to-server communication.

OAuth 2.0

Secure token-based authentication with refresh capabilities. Ideal for user-context operations.

Service Accounts

Machine-to-machine authentication with fine-grained permissions.

Using API Keys

Add your API key to the Authorization header:

curl -X GET "https://api.platform.com/v1/policies" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

OAuth 2.0 Flow

1. Authorization Request

GET https://auth.platform.com/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &response_type=code
  &redirect_uri=YOUR_REDIRECT_URI
  &scope=read%20write

2. Token Exchange

POST https://auth.platform.com/oauth/token
{
  "grant_type": "authorization_code",
  "code": "AUTH_CODE",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "redirect_uri": "YOUR_REDIRECT_URI"
}
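
The two steps above as an added example (not the platform's own code): it builds the authorization URL with a URL-encoded scope and a random state value, checks the callback before accepting the code, and assembles the token-exchange body with the client secret read from the environment. The state parameter (standard in OAuth 2.0 but not shown in the request above), the function names and the PLATFORM_CLIENT_SECRET variable name are assumptions.

```python
import hmac
import json
import os
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://auth.platform.com/oauth/authorize"  # from the page
TOKEN_URL = "https://auth.platform.com/oauth/token"  # from the page


def build_authorization_request(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's server-side session."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited; encoded as %20 below
        "state": secrets.token_urlsafe(32),  # assumption: standard `state`
    }
    return f"{AUTHORIZE_URL}?{urlencode(params, quote_via=quote)}", params["state"]


def extract_code(callback_url, expected_state):
    """Validate the redirect back to the client and return the auth code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not tied to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code, client_id, redirect_uri):
    """Return (url, JSON body) for step 2; the secret comes from the environment."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": os.environ["PLATFORM_CLIENT_SECRET"],  # hypothetical name
        "redirect_uri": redirect_uri,
    }
    return TOKEN_URL, json.dumps(body)
```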

Security Best Practices

  • Rotate API keys regularly
  • Use environment variables for sensitive credentials
  • Implement proper error handling for auth failures
  • Monitor and audit authentication attempts
  • Use appropriate scopes for OAuth tokens