Authentication
The API uses an authentication mechanism based on API keys. Each API key is associated with a Portal user and represents their identity during requests made to the API. There is no need to obtain a prior access token or complete an additional authentication process.API key
The API key is the only authentication mechanism supported by the platform. Characteristics:- Must be included in every request.
- Identifies the user making the request.
- Limits access to the organization the user belongs to.
Authorization
Access to API resources is controlled through a role-based authorization system. Authorization is applied at two levels:- Endpoint level. Determines which roles can access each endpoint.
- Action level. Restricts specific operations, such as creating, modifying, or deleting resources, based on the user’s permissions.
Access to resources depends on the user permissions defined in Portal. Not all endpoints are available to every role.
Best practices
To protect integrations that use the API, we recommend:- Keeping API keys in a secure location.
- Not sharing them or including them in public source code.
- Rotating keys periodically.
- Immediately revoking any key that may have been compromised.