Authentication

URAPIS supports multiple authentication methods to secure your API access.

API Key Authentication

The primary method for API consumers. After subscribing to an API product, you receive a unique API key.

Header: X-API-Key

curl -H "X-API-Key: your-api-key" https://gateway.urapis.com/v1/endpoint

Session Authentication

For dashboard access, URAPIS uses JWT-based session authentication with:

  • Access tokens (short-lived)
  • Refresh tokens (long-lived)
  • CSRF protection via double-submit cookie pattern
  • Automatic token refresh

API Key Security

  • Store your API key securely — never commit it to version control
  • Rotate keys regularly via the dashboard
  • Use environment variables for server-side integrations
  • Revoke compromised keys immediately