Question:
How does authentication work?
Is it at the operator level (a single key for all operations) or per user?
What is the token/key TTL? Does it expire?
Are there different keys for different types of operations (read vs. execute)?
Answer:
API key + secret, scoped to a single environment (sandbox vs production — no crossover). Keys have no default expiry but support an optional, enforced expiration and can be rotated on demand.
Presenting a key + secret to POST /auth/token returns a short-lived, project-scoped JWT. Standards-compliant OAuth2 and granular read-vs-execute scopes are coming in August.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article