Authentication schemes
Use a secret token for direct API access.
When to use?
Use for direct integrations and server-to-server communication where you control both endpoints.
Use in private integrations that require delegated access.
When to use?
Use for private integrations within an organization that require user-specific permissions.
API key authentication
Use API key authentication for direct API access. Include your API key in the api-key header for each request.
Best for:
- Direct API integrations
- Server-to-server communication
- Testing and development
See API Key authentication for setup instructions.
OAuth 2.0 authentication
Use OAuth 2.0 for private integrations within an organization that require user consent and delegated access. OAuth combines authentication and authorization in a single flow.
Best for:
- Private integrations within an organization
- Internal applications requiring user-specific permissions
- Non-public distributable applications
OAuth is currently only available for private integrations inside an organization. OAuth integrations are not intended for public distribution or listing in marketplaces.
OAuth provides a token-based authentication system. The authentication server issues a token with a defined validity period that grants access to specific features based on user permissions.
See OAuth authentication for implementation detailss.
