Authentication model

Created by Mayank Singhal, Modified on Sat, 11 Jul at 6:13 PM by Mayank Singhal

Question:

How does authentication work?

  • Is it at the operator level (a single key for all operations) or per user?

  • What is the token/key TTL? Does it expire?

  • Are there different keys for different types of operations (read vs. execute)?


Answer:

API key + secret, scoped to a single environment (sandbox vs production — no crossover). Keys have no default expiry but support an optional, enforced expiration and can be rotated on demand. 

Presenting a key + secret to POST /auth/token returns a short-lived, project-scoped JWT. Standards-compliant OAuth2 and granular read-vs-execute scopes are coming in August.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article