API Authentication
The planned API authenticates every request with a bearer token. Mutating requests (POST, PATCH, DELETE) additionally require a CSRF token sent in a request header.
Bearer Token
Include a bearer token with every authenticated request.
Authorization: Bearer YOUR_API_TOKEN
CSRF Protection for Mutations
For POST, PATCH, and DELETE, fetch a CSRF token first and submit it in X-CSRF-Token.
# Step 1: fetch CSRF token
GET /v1/csrf-token
Authorization: Bearer YOUR_API_TOKEN
# Response
{ "csrfToken": "abc123xyz..." }
# Step 2: include token in mutation
POST /v1/offerings/:id/subscribe
Authorization: Bearer YOUR_API_TOKEN
X-CSRF-Token: abc123xyz...
Content-Type: application/json
{ "amount": "25000.00" }
Scope and Permission Behavior
| Case | Result |
|---|---|
| Missing token | 401 Unauthorized |
| Invalid token | 401 Unauthorized |
| Valid token but unauthorized role | 403 Forbidden |
| Mutation request without CSRF | 403 Forbidden |
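The two-step flow above and the status table, worked through end to end as an added example (not the project's own client or server code). The `FakeApi` class is a constructed stand-in for the service that models only what this page documents; the token values `tok_investor` and `tok_viewer`, the role names, the offering id `off_123`, and the choice to bind each CSRF token to the bearer that fetched it are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: dict


class FakeApi:
    """Constructed stand-in for the server side. It models only what this page
    documents: bearer auth on every request, X-CSRF-Token on mutations, and
    the status codes in the table. Token values and role names are
    assumptions, as is binding each CSRF token to the bearer that fetched it."""

    def __init__(self):
        # constructed fixture: bearer token -> role (assumed names)
        self.roles = {"tok_investor": "investor", "tok_viewer": "viewer"}
        self.csrf_for = {}  # bearer token -> currently valid CSRF token

    def _bearer(self, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return None, Response(401, {"error": "missing token"})
        # constant-time comparison against each known token, so a wrong token
        # costs the same to reject as a nearly-right one
        for known, role in self.roles.items():
            if hmac.compare_digest(known, token):
                return (known, role), None
        return None, Response(401, {"error": "invalid token"})

    def handle(self, method, path, headers, body=None):
        ident, err = self._bearer(headers)
        if err:
            return err
        token, role = ident
        if method == "GET" and path == "/v1/csrf-token":
            csrf = secrets.token_urlsafe(32)
            self.csrf_for[token] = csrf  # bound to this bearer (assumption)
            return Response(200, {"csrfToken": csrf})
        if method in ("POST", "PATCH", "DELETE"):
            expected = self.csrf_for.get(token, "")
            supplied = headers.get("X-CSRF-Token", "")
            if not expected or not hmac.compare_digest(expected, supplied):
                return Response(403, {"error": "missing or invalid CSRF token"})
            if path.startswith("/v1/offerings/") and path.endswith("/subscribe"):
                if role != "investor":
                    return Response(403, {"error": "role not permitted"})
                return Response(200, {"subscribed": True, "amount": body["amount"]})
        return Response(404, {"error": "not found"})


class Client:
    """Client side of the flow: bearer on every call, CSRF token fetched once
    and attached to mutations. `api` is the transport (here the FakeApi)."""

    def __init__(self, api, token):
        self.api = api
        self.token = token
        self.csrf = None

    def _headers(self, mutation=False):
        h = {"Authorization": f"Bearer {self.token}"}
        if mutation and self.csrf:
            h["X-CSRF-Token"] = self.csrf
        return h

    def fetch_csrf(self):
        # Step 1: GET /v1/csrf-token with the bearer only
        r = self.api.handle("GET", "/v1/csrf-token", self._headers())
        if r.status == 200:
            self.csrf = r.body["csrfToken"]
        return r

    def subscribe(self, offering_id, amount):
        # Step 2: the mutation carries both headers
        if self.csrf is None:
            r = self.fetch_csrf()
            if r.status != 200:
                return r
        return self.api.handle("POST", f"/v1/offerings/{offering_id}/subscribe",
                               self._headers(mutation=True), {"amount": amount})


def demo():
    """Exercise each row of the status table plus the happy path; returns
    {case: (status, body)} so the outcomes can be checked."""
    api = FakeApi()
    path = "/v1/offerings/off_123/subscribe"  # assumed offering id
    body = {"amount": "25000.00"}
    out = {}
    out["missing_token"] = api.handle("POST", path, {}, body)
    out["invalid_token"] = api.handle("POST", path, {"Authorization": "Bearer tok_bogus"}, body)
    out["mutation_without_csrf"] = api.handle("POST", path, {"Authorization": "Bearer tok_investor"}, body)
    out["unauthorized_role"] = Client(api, "tok_viewer").subscribe("off_123", "25000.00")
    investor = Client(api, "tok_investor")
    out["subscribe_ok"] = investor.subscribe("off_123", "25000.00")
    # a CSRF token issued to one bearer is rejected when replayed under another
    out["csrf_from_other_session"] = api.handle(
        "POST", path, {"Authorization": "Bearer tok_viewer", "X-CSRF-Token": investor.csrf}, body)
    return {k: (r.status, r.body) for k, r in out.items()}


if __name__ == "__main__":
    for case, (status, resp) in demo().items():
        print(f"{case:24} {status} {resp}")
```

The order of the two 403 checks (CSRF before role) is a choice made here; the page lists both outcomes but does not say which is evaluated first. Note also that the CSRF token is only ever fetched over an authenticated GET, so a request that cannot present a valid bearer never obtains one.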

