Should I be authenticated to use the REST API? Which endpoints require authentication? How to authenticate?

Since Akord

As a user of Akord's REST API, you may authenticate using the following methods:

  • JSON Web Tokens – short-lived tokens

  • API keys - long life, revokable keys

Both authentication methods are working interchangeably. Choosing the authentication method depends of your use case. It is not recommended to use personal API key on customer facing client-side apps (eg, your frontend app that possibly requires Akord storage) because of the risk of compromising the key.

JSON Web Tokens

You may issue Jason Web Tokens (JWT) using your credentials but not with a simple password grant. Instead, we promote Secure Remote Protocol (SRP), which prevents the password from leaving your machine. Since SRP is little bit more demanding for client negotiating tokens we encapsulate the SRP client-side logic in CLI.

Future releases of this doc may bring pure HTTP token negotiation.


npm i -g @akord/akord-cli

Issue new token

This shows as well how to call the CLI from from a non-shell env

akord login <akord_account_email> -p <akord_account_password> -t

Use the token

Put the JWT, prefixed with Bearer into Authorization header of HTTP request to REST API, for example:

curl -X GET \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_token"


Generate API Key

Typically, you would generate / rotate the API key using our frontend app:

You can also use the API directly to issue an API Key:

curl -X PUT \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your_token"

Use the API Key

Put the API Key into Api-Key header of HTTP request to REST API, for example:

curl -X GET \
-H "Content-Type: application/json" \
-H "Api-Key: your_api_key"

Last updated