
API Authentication

Complete guide to authenticating with CognexiaAI APIs

Authentication Methods

Three secure ways to authenticate: API Keys, OAuth 2.0, and JWT tokens

Method 1: API Key Authentication

The simplest method for server-to-server communication.

curl -X GET https://api.cognexiaai.com/v1/crm/contacts \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  -H "Content-Type: application/json"

Security: Never expose API keys in client-side code or public repositories

Method 2: OAuth 2.0

For user-authorized access to resources.

Step 1: Authorization Request

https://auth.cognexiaai.com/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yourapp.com/callback&
  response_type=code&
  scope=crm:read%20crm:write

Step 2: Token Exchange

POST https://auth.cognexiaai.com/oauth/token

{
  "grant_type": "authorization_code",
  "code": "AUTH_CODE",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}
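
The two steps above, as an added example that is not CognexiaAI's own code: it builds the Step 1 URL with proper query encoding and checks the callback before producing the Step 2 body. The state parameter (standard OAuth 2.0, RFC 6749), the COGNEXIA_CLIENT_SECRET variable name and the function names are assumptions not taken from this page.

```javascript
// Added example: Step 1 URL construction and callback validation before Step 2.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const AUTHORIZE_URL = 'https://auth.cognexiaai.com/oauth/authorize'; // from the page
const REDIRECT_URI = 'https://yourapp.com/callback';                 // from the page

// Build the authorization request. URLSearchParams encodes the redirect URI
// and the space-separated scope list so the URL contains no raw spaces.
function buildAuthorizationRequest(clientId, scopes) {
  const state = randomBytes(32).toString('base64url'); // assumption: RFC 6749 "state"
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: REDIRECT_URI,
    response_type: 'code',
    scope: scopes.join(' '),
    state,
  }).toString();
  return { url: url.toString(), state }; // keep `state` in the server-side session
}

// Constant-time comparison of the returned state with the stored one.
function stateMatches(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received ?? ''));
  return a.length === b.length && timingSafeEqual(a, b);
}

// Validate the callback URL and return the Step 2 token request body.
// The client secret comes from the environment, never from source code.
function handleCallback(callbackUrl, expectedState, clientId, env = process.env) {
  const params = new URL(callbackUrl).searchParams;
  if (!stateMatches(expectedState, params.get('state'))) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const code = params.get('code');
  if (!code) throw new Error('callback carries no authorization code');
  if (!env.COGNEXIA_CLIENT_SECRET) throw new Error('COGNEXIA_CLIENT_SECRET is not set');
  return {
    grant_type: 'authorization_code',
    code,
    client_id: clientId,
    client_secret: env.COGNEXIA_CLIENT_SECRET, // hypothetical variable name
  };
}
```

The returned object is the body to POST to the token endpoint shown in Step 2; a callback whose state does not match the stored value is rejected before the code is ever exchanged.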

Method 3: JWT Tokens

For session-based authentication in web applications.

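// Login and receive JWT
async function login(email, password) {
  const response = await fetch('/api/auth/login', {
    method: 'POST',
    // Declare the JSON body so the server parses it correctly
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email, password })
  });
  // Do not try to read a token from a failed login response
  if (!response.ok) {
    throw new Error(`Login failed with status ${response.status}`);
  }
  const { token } = await response.json();
  return token;
}

// Use token in subsequent requests
function fetchProfile(token) {
  return fetch('/api/user/profile', {
    headers: {
      'Authorization': `Bearer ${token}`
    }
  });
}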

Best Practices

Rotate Keys Regularly

Change API keys every 90 days

Use Environment Variables

Store credentials securely

Implement Rate Limiting

Protect against abuse
