Authentication

Secure your API requests with proper authentication.

Authentication Methods

InsightAgent supports two authentication methods:

1. Bearer Token (JWT)

For user-context requests, use JWT tokens:

curl -X GET "https://api.insightagent.io/api/interviews" \
  -H "Authorization: Bearer <jwt-token>"

Obtaining a Token: Tokens are obtained through the web application login flow via Supabase. For programmatic access, use API keys instead.

2. API Keys

For server-to-server integrations:

curl -X GET "https://api.insightagent.io/api/interviews" \
  -H "x-api-key: <your-api-key>"

API Key Format:

sk_{environment}_{32-character-hex-string}

Example: sk_prod_a1b2c3d4e5f6...

Obtaining an API Key: API keys are currently provisioned by administrators. Contact [email protected] to request an API key for your account.

API Key Best Practices

Do

  • Store keys in environment variables

  • Use separate keys for different environments

  • Rotate keys periodically

Don't

  • Commit keys to version control

  • Share keys in plain text

  • Use production keys in development

  • Expose keys in client-side code
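
The practices above applied to the documented key format, as an added example that is not InsightAgent's own code: it reads the key from an environment variable, rejects a key issued for a different environment, and finds key-shaped strings in text (for instance a file about to be committed) while reporting them only in redacted form. The variable name INSIGHTAGENT_API_KEY and the lowercase character sets in the pattern are assumptions, and the sample key is constructed.

```python
import os
import re

# Key shape taken from the page: sk_{environment}_{32-character-hex-string}.
# Assumption: environment labels are lowercase letters and the hex is lowercase.
KEY_RE = re.compile(r"\bsk_([a-z]+)_([0-9a-f]{32})\b")


def load_api_key(expected_env, var="INSIGHTAGENT_API_KEY", environ=None):
    """Read the key from the environment; refuse a key for the wrong environment."""
    environ = os.environ if environ is None else environ
    key = environ.get(var, "")
    match = KEY_RE.fullmatch(key)
    if match is None:
        raise ValueError(f"{var} is unset or not in sk_<env>_<32 hex> form")
    if match.group(1) != expected_env:
        # Catches a production key used in development before any request is sent.
        raise ValueError(f"{var} is a {match.group(1)!r} key, expected {expected_env!r}")
    return key


def redact(key):
    """Keep the prefix and last four characters so logs never hold the full key."""
    match = KEY_RE.fullmatch(key)
    return f"sk_{match.group(1)}_{'*' * 28}{match.group(2)[-4:]}"


def find_leaked_keys(text):
    """Return (line_number, redacted_key) for every key-shaped string in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            hits.append((number, redact(match.group(0))))
    return hits


# Constructed sample: a config file about to be committed, with a made-up key.
SAMPLE_KEY = "sk_prod_" + "0123456789abcdef" * 2
SAMPLE_FILE = f"DEBUG=false\nAPI_KEY={SAMPLE_KEY}\nTIMEOUT=30\n"

if __name__ == "__main__":
    for number, masked in find_leaked_keys(SAMPLE_FILE):
        print(f"line {number}: {masked}")
```

find_leaked_keys can be run over staged file contents in a pre-commit hook; a non-empty result should block the commit.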

Error Responses

Missing Authentication (400)

Invalid Credentials (401)

Returned when the token is invalid/expired or the API key is not recognized.
