Authentication

Secure your API requests with proper authentication

The Comcent API supports two authentication methods to secure API requests:

  • Organization-level API Keys: Not tied to any specific user, used for organization-wide operations
  • User-level Authentication Tokens: Tied to specific users, used for user-specific operations

Different APIs require different authentication methods. Some APIs use organization-level API keys, while others require user-level authentication tokens.

Organization-level API keys are not tied to any specific user and are used for organization-wide operations. These keys provide access to APIs that operate at the organization level.

  1. Create an Organization API Key

    Navigate to the settings page in the Comcent application, go to the API Keys section, click “Create New API Key”, and give it a descriptive name. Store the key securely, as you won’t be able to see it again.
  2. Use the API Key

    Include the API key in the request headers using the format X-API-Key: your_api_key_here for APIs that require organization-level authentication.

curl -X GET https://api.comcent.io/api/orgs/acme/organization-endpoint \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_org_api_key_here"

User-level authentication tokens are tied to specific users and are required for user-specific operations. These tokens expire after 24 hours and need to be refreshed.

  1. Obtain a User Authentication Token

    Make an API request to obtain an authentication token by sending a GET request to the token endpoint with your organization API key included in the request headers, which will return an access token in the response.
  2. Use the User Token

    Once you have obtained the authentication token, include it in the Authorization header of all subsequent API requests using the format Authorization: Bearer <your_token>.

# Step 1: request a user token with the organization API key.
# The URL is quoted so the shell does not treat "?" as a glob character.
curl -X GET "https://api.comcent.io/api/orgs/acme/user-token?email=user@example.com" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your_org_api_key_here"

# Step 2: call a user-level endpoint with the returned token.
curl -X GET https://api.comcent.io/api/orgs/acme/user-specific-endpoint \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer your_user_token_here"

Different APIs require different authentication methods:

  • Organization APIs: Use organization-level API keys with the X-API-Key header
  • User APIs: Use user-level authentication tokens with the Authorization: Bearer header

User-level authentication tokens are valid for 24 hours. Implement a token refresh mechanism in your application to ensure continuous access to the API. Organization-level API keys do not expire but should be rotated regularly for security.
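
One way to build the refresh mechanism described above, as an added example that is not Comcent's own code: a per-user token cache that renews a token shortly before the 24-hour expiry and can be forced to renew after a rejected request. The JSON field name `token`, the environment variable `COMCENT_API_KEY`, and the five-minute renewal margin are assumptions; confirm the response shape in the API Reference.

```python
import json
import os
import time
import urllib.parse
import urllib.request

BASE = "https://api.comcent.io/api/orgs"   # host and path shape from the curl examples
TOKEN_TTL = 24 * 3600                      # documented token lifetime, in seconds
REFRESH_MARGIN = 300                       # assumption: renew 5 minutes early


def fetch_user_token(org, email, api_key, field="token"):
    """GET the user-token endpoint. `field` (the JSON key holding the token)
    is an assumption; check the API Reference for the real response shape."""
    query = urllib.parse.urlencode({"email": email})   # encodes '@', '+', etc.
    req = urllib.request.Request(
        f"{BASE}/{urllib.parse.quote(org, safe='')}/user-token?{query}",
        headers={"Content-Type": "application/json", "X-API-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)[field]


class UserTokenCache:
    """Caches one token per user and renews it before the 24-hour expiry."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._tokens = {}                  # email -> (token, fetched_at)

    def get(self, email, force=False):
        cached = self._tokens.get(email)
        age_limit = TOKEN_TTL - REFRESH_MARGIN
        if force or cached is None or self._clock() - cached[1] >= age_limit:
            cached = (self._fetch(email), self._clock())
            self._tokens[email] = cached
        return cached[0]

    def auth_header(self, email, force=False):
        # Pass force=True after a 401 to discard a token revoked early.
        return {"Authorization": f"Bearer {self.get(email, force)}"}


def build_cache(org="acme"):
    # Key comes from the environment, never from source control.
    api_key = os.environ["COMCENT_API_KEY"]   # hypothetical variable name
    return UserTokenCache(lambda email: fetch_user_token(org, email, api_key))
```

The cache keeps tokens in process memory only; the organization API key stays on the server side and is never sent to clients that only need a user token.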

If you encounter any authentication issues, please contact our support team or refer to the API Reference for detailed endpoint documentation.