Authentication
URAPIS supports multiple authentication methods to secure your API access.
API Key Authentication
The primary method for API consumers. After subscribing to an API product, you receive a unique API key.
Header: X-API-Key
curl -H "X-API-Key: your-api-key" https://gateway.urapis.com/v1/endpoint
Session Authentication
For dashboard access, URAPIS uses JWT-based session authentication with:
- Access tokens (short-lived)
- Refresh tokens (long-lived)
- CSRF protection via double-submit cookie pattern
- Automatic token refresh
API Key Security
- Store your API key securely — never commit it to version control
- Rotate keys regularly via the dashboard
- Use environment variables for server-side integrations
- Revoke compromised keys immediately