Authentication

API authentication methods and best practices

Secure your API requests with proper authentication.

API Keys

Creating an API Key

1. Go to Settings > Developer > API Keys
2. Click "Create New Key"
3. Set permissions and expiration
4. Copy and store securely

Using API Keys

Include the key in the Authorization header as a Bearer token:

curl https://api.syntrigen.com/v2/candidates \
  -H "Authorization: Bearer sk_live_abc123..."

OAuth 2.0

For user-authorized access, use OAuth:

// Exchange code for token
const response = await fetch('https://api.syntrigen.com/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    grant_type: 'authorization_code',
    code: 'AUTH_CODE',
    client_id: 'YOUR_CLIENT_ID',
    client_secret: 'YOUR_CLIENT_SECRET',
    redirect_uri: 'https://yourapp.com/callback'
  })
});

const { access_token, refresh_token } = await response.json();

Token Scopes

| Scope | Access |
|-------|--------|
| read | Read-only access |
| write | Create and update |
| delete | Delete resources |
| admin | Administrative access |

Security Best Practices

1. Never expose API keys in client-side code
2. Use environment variables
3. Rotate keys regularly
4. Set minimal required scopes
5. Monitor API usage for anomalies
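
Practices 1 and 2 as a server-side key loader plus a check you can run over browser-bound source before it ships. This is an added example, not Syntrigen's own code. The variable name SYNTRIGEN_API_KEY, the function names, and the key shape (the sk_live_ prefix followed by at least six URL-safe characters) are assumptions based on the truncated sample key above.

```javascript
// Added example; not Syntrigen code. SYNTRIGEN_API_KEY is an assumed variable
// name, and the key shape is inferred from the truncated sample on this page.
const KEY_PATTERN = /\bsk_live_[A-Za-z0-9_-]{6,}/g;

// Read the key from the environment (server side only) and fail fast if unset.
function loadApiKey(env = process.env) {
  const key = (env.SYNTRIGEN_API_KEY || '').trim();
  if (!key) throw new Error('SYNTRIGEN_API_KEY is not set');
  if (!key.startsWith('sk_live_')) {
    throw new Error('SYNTRIGEN_API_KEY does not look like an API key');
  }
  return key;
}

// Build the Authorization header shown under "Using API Keys".
function authHeaders(key) {
  return { Authorization: `Bearer ${key}` };
}

// Safe form for logs and reports: keep the prefix and last 4 characters only.
function redactKey(key) {
  return `sk_live_****${key.slice(-4)}`;
}

// Scan source text destined for the browser and report each hardcoded key
// with its line number, redacted so the report itself does not leak it.
function findHardcodedKeys(source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    for (const match of line.matchAll(KEY_PATTERN)) {
      findings.push({ line: i + 1, key: redactKey(match[0]) });
    }
  });
  return findings;
}

// Constructed sample bundle: line 2 embeds a (fake) key, line 3 does not.
const SAMPLE_BUNDLE = [
  "const api = 'https://api.syntrigen.com/v2/candidates';",
  "const headers = { Authorization: 'Bearer sk_live_EXAMPLE0000wxyz' };",
  "const safe = { Authorization: `Bearer ${config.token}` };",
].join('\n');

console.log(findHardcodedKeys(SAMPLE_BUNDLE));
```

Run the scan in CI against built front-end assets and fail the build on any finding. A key that has reached a bundle or a commit should be rotated, not just removed.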
