Authentication

The Gateway uses a Bearer Token's (JWTs) for authentication. The token is passed in the Authorization: Bearer ... header of the HTTP request.

You need to be authenticated if you want to:

• Manipulate entities and relationships in the database
• Access all entities (without a channel-restriction)

If you only want to access entities within a certain channel - for example to display them on a website or within an app - you can do so without authentication. However, you need to know your the exact channel ID and project ID.

Authentication Flow

Authentication with API Key

For the most use cases you can use an API Key to authenticate your requests.

info

Have a look at Acquiring an API Key to learn how to get an API Key.

Authentication via OAuth/OpenID Connect

We also provide an OAuth Service for more complex authentication scenarios. Our OAuth Service is based on the OAuth 2.0 and OIDC Standard. If you are not familiar with the OAuth and or OpenID Standard, we recommend reading this articles first.

• What is OAuth 2.0?
• What is OpenID Connect?

Since this authentication method is more complex and is not necessary for most use cases, we only offer documentation on request.