Authentication

ECOSIRE supports two authentication methods for API access.

For server-to-server integrations, use an API key:

curl -H "Authorization: Bearer eco_live_abc123..." \
https://api.ecosire.com/api/licenses

API keys are created in your Dashboard > API Keys.

JWT Bearer Token

For user-facing applications, authenticate via the OAuth flow:

1. Redirect to Login

GET /api/auth/login?redirect_uri=https://yourapp.com/callback

2. Exchange Callback Code

After the user authenticates, they're redirected to your redirect_uri with a token.

3. Use the Token

curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..." \
https://api.ecosire.com/api/users/me

4. Refresh Token

curl -X POST https://api.ecosire.com/api/auth/refresh \
-H "Content-Type: application/json" \
-d '{"refreshToken": "..."}'

Security Best Practices

  • Never expose API keys in client-side code
  • Rotate keys regularly
  • Use environment variables to store keys
  • Revoke compromised keys immediately via the dashboard
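
One way to follow the environment-variable advice above from a shell, as an added example that is not part of the ECOSIRE documentation: the key is read from a variable and handed to curl on stdin with --config -, so it does not appear in the process list or in shell history. The variable name ECOSIRE_API_KEY, the function names and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example, not ECOSIRE's own code.
# Assumptions: the key lives in ECOSIRE_API_KEY and consists only of
# letters, digits, '.', '_' and '-' (this also covers JWT bearer tokens).

# Print a curl config line carrying the Authorization header.
# Returns 1 if the key is missing or contains unexpected characters.
ecosire_auth_config() {
    if [ -z "${ECOSIRE_API_KEY:-}" ]; then
        echo "ECOSIRE_API_KEY is not set" >&2
        return 1
    fi
    # Quotes, whitespace or newlines in the value would break the config
    # line or let the value smuggle in extra curl options, so reject them.
    case "$ECOSIRE_API_KEY" in
        *[!A-Za-z0-9._-]*)
            echo "ECOSIRE_API_KEY contains unexpected characters" >&2
            return 1
            ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$ECOSIRE_API_KEY"
}

# GET an API path, e.g.: ecosire_get /api/licenses
# The header reaches curl through stdin (--config -), not through argv.
ecosire_get() {
    cfg=$(ecosire_auth_config) || return 1
    printf '%s\n' "$cfg" |
        curl --fail --silent --show-error --config - \
            "https://api.ecosire.com$1"
}
```

Set ECOSIRE_API_KEY from your secret store or CI secret settings rather than typing it on the command line, then call ecosire_get /api/licenses.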