1. [ Home ](/) 2. [Documentation](/docs) 3. [Authentication](/docs?category=8) 4. Authentication & Authorization Authentication v2.0 12 min read # Authentication & Authorization A admin March 12, 2026 (Updated April 22, 2026) JavaScript Python Java Image ![Authentication & Authorization](/sites/default/files/styles/16_9_512x288_focal_point_webp/public/doc-images/authentication-authorization.png.webp?itok=mqE8597y "Authentication & Authorization") ## On this page [ Back to top ](#main-content) All API requests must be authenticated. We support three authentication methods: API Keys, OAuth 2.0, and JWT tokens. Choose the method that best fits your use case. ## API Keys API keys are the simplest authentication method. Include your key in the Authorization header: Authorization: Bearer sk\_live\_abc123def456 API keys are best for server-to-server integrations where you control the environment. ## OAuth 2.0 For applications acting on behalf of users, implement the Authorization Code flow with PKCE. This is the recommended approach for web and mobile applications. // Step 1: Redirect user to authorization\\nconst authUrl = `?\\n client\_id=${CLIENT\_ID}&\\n redirect\_uri=${REDIRECT\_URI}&\\n response\_type=code&\\n code\_challenge=${codeChallenge}&\\n code\_challenge\_method=S256`; ## JWT Tokens For microservice architectures, use JWT tokens with RS256 signing. Register your public key in the Developer Portal. ## Scopes All methods support scope-based access control. Request only the scopes your application needs: read:buildings, write:addresses, admin:account. ### Tags [ Previous REST API Reference ](/docs/rest-api-reference) [ Next Quick Start Guide ](/docs/quick-start-guide)