Authentication APIs

Authentication General Overview

All API requests require authentication via a session token. Tokens are obtained by calling the authentication endpoint and must be included in the Authorization header for all subsequent requests.

Token Request

To be able to request token:

You must provide your apiKey, password, and optionally a type.
If not specified, the type defaults to CLIENT_API.
The token is returned in the response as a string.

Token Characteristics

Tokens are valid for 15 minutes.
Token format depends on the API:
- Some APIs return a long opaque string.
- Others return a base64-encoded JWT.
Token size can be up to 4KB, avoid assumptions about length or structure.
Tokens must not be parsed or interpreted.
Tokens are sensitive: store them only in memory and never on disk.
The token endpoint is rate-limited. Only request a new token when necessary.

Using the Token

Include the token in the Authorization header for all API calls (excluding the token request itself).

Header Format Supported:

Authorization: Bearer <token>

Token Expiry & Renewal

Tokens expire 15 minutes after issuance.
If a request returns 401 Unauthorized, re-authenticate to obtain a new token.
Clients should monitor token lifetime and refresh proactively as needed

Authentication General Overview​

Token Request​

Token Characteristics​

Using the Token​

Header Format Supported:​

Token Expiry & Renewal​