Authentication

Secure your API requests with proper authentication.

Authentication Methods

InsightAgent supports two authentication methods:

1. Bearer Token (JWT)

For user-context requests, use JWT tokens:

curl -X GET "https://api.insightagent.io/api/interviews" \
  -H "Authorization: Bearer <jwt-token>"

Obtaining a Token: Tokens are obtained through the web application login flow. For programmatic access, use API keys instead.

2. API Keys

For server-to-server integrations:

curl -X GET "https://api.insightagent.io/api/interviews" \
  -H "x-api-key: <your-api-key>"

Generating an API Key:

  1. Log in to InsightAgent

  2. Go to Settings > API Keys

  3. Click Generate New Key

  4. Copy the key immediately (shown once only)

  5. Store securely

API Key Best Practices

Do

  • Store keys in environment variables

  • Use separate keys for different environments

  • Rotate keys periodically

  • Limit key permissions when possible

Don't

  • Commit keys to version control

  • Share keys in plain text

  • Use production keys in development

  • Expose keys in client-side code

Key Management

Viewing Keys

See all active keys in Settings > API Keys.

Revoking Keys

  1. Go to Settings > API Keys

  2. Click Revoke next to the key

  3. Confirm revocation

Revoked keys stop working immediately.

Error Responses

Invalid Token

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired token"
  }
}

Invalid API Key

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key"
  }
}

Missing Authentication

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication required"
  }
}
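
The key-storage advice and the error bodies above, combined in an added example (not InsightAgent's own code): a client-side helper that reads the key from an environment variable, masks it before logging, and maps the three documented error bodies to a next step. The variable name INSIGHTAGENT_API_KEY and the action labels are assumptions, and matching on the message text assumes the messages are exactly as shown on this page.

```python
import json
import os

# Hypothetical variable name; the page only says to keep keys in environment variables.
KEY_ENV_VAR = "INSIGHTAGENT_API_KEY"

def auth_headers(env=os.environ):
    """Build the x-api-key header from the environment, failing closed if unset."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set; refusing to send the request")
    return {"x-api-key": key}

def redact(headers):
    """Return a copy of the headers that is safe to log: credentials are masked."""
    secret = {"x-api-key", "authorization"}
    return {k: "<redacted>" if k.lower() in secret else v for k, v in headers.items()}

# All three documented errors share the code UNAUTHORIZED; only the message differs.
ACTIONS = {
    "Invalid or expired token": "reauthenticate",     # JWT: log in again
    "Invalid API key": "check_or_rotate_key",         # revoked, mistyped, or wrong environment
    "Authentication required": "fix_client_config",   # no credential header was sent
}

def classify_error(body):
    """Map a documented error body to an action label; anything else is 'unknown'."""
    try:
        err = json.loads(body)["error"]
        if err["code"] != "UNAUTHORIZED":
            return "unknown"
        return ACTIONS.get(err["message"], "unknown")
    except (ValueError, KeyError, TypeError):
        return "unknown"

if __name__ == "__main__":
    # Constructed sample: a fake key and the error bodies copied from this page.
    headers = auth_headers({KEY_ENV_VAR: "example-key-not-real"})
    print("sending with", redact(headers))
    for msg in ACTIONS:
        body = json.dumps({"error": {"code": "UNAUTHORIZED", "message": msg}})
        print(msg, "->", classify_error(body))
```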
