Authentication

All requests to the Flowbrite API require authentication. In this brief guide we'll show you the 2 ways to authenticate your requests.

Always keep your API keys and bearer tokens secure. Do not expose them in client-side code or commit them to code repositories.

The environment.name field in authentication responses is one of SANDBOX or PRODUCTION.

API Keys

You can obtain an API key from your dashboard under Settings » Developer.

It is possible to create and label multiple API keys, so we recommend generating a dedicated key for each integration. This makes it easy to manage and revoke access for individual applications without impacting others.

You should also ensure you limit the scopes of your API keys to only the permissions required for that integration.

Once you have your API key, you can include it in the request header like this:

API Key

curl -G https://api.flowbrite.io/v1/auth/who-am-i \
  -H "X-API-KEY: {api_key}"

We recommend using API keys to access the API.

Bearer Tokens

If you prefer, you can also authenticate using a username and password to obtain a JWT bearer token. This is generally not recommended for most use cases, but it can be useful in certain scenarios.

Bearer Tokens

POST

/v1/auth/token

curl -X POST "https://api.flowbrite.io/v1/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "{email}",
    "password": "{password}"
}'