Authentication & Authorization
All API requests must be authenticated. We support three authentication methods: API Keys, OAuth 2.0, and JWT tokens. Choose the method that best fits your use case.
API Keys
API keys are the simplest authentication method. Include your key in the Authorization header:
Authorization: Bearer sk_live_abc123def456
API keys are best for server-to-server integrations where you control the environment.
OAuth 2.0
For applications acting on behalf of users, implement the Authorization Code flow with PKCE. This is the recommended approach for web and mobile applications.
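// Step 1: Redirect the user to the authorization endpoint.
// URLSearchParams percent-encodes each value and keeps stray whitespace out of the URL.
const params = new URLSearchParams({
  client_id: CLIENT_ID,
  redirect_uri: REDIRECT_URI,
  response_type: "code",
  code_challenge: codeChallenge,
  code_challenge_method: "S256",
});
const authUrl = `https://auth.connectbase.com/authorize?${params}`;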
JWT Tokens
For microservice architectures, use JWT tokens with RS256 signing. Register your public key in the Developer Portal.
Scopes
All methods support scope-based access control. Request only the scopes your application needs: read:buildings, write:addresses, admin:account.