Auboz API

Authentication

How to authenticate API requests using JWT tokens or API keys.

All API requests require authentication via a bearer token in the Authorization header. The same credentials work for both the REST API (api.auboz.com) and Agent endpoint (agent.auboz.com).

Auth Methods

MethodFormatUse Case
API KeyBearer sk_...Machine-to-machine, integrations, scripts
JWT TokenBearer eyJ...Web sessions (frontend)

API Keys

API keys are the recommended way to authenticate programmatic access. Create them in Settings → Developer.

Header format
Authorization: Bearer sk_your_api_key_here

Key Properties

  • Scoped: Each key has specific scopes controlling what operations it can perform
  • Long-lived: Keys do not expire unless manually deleted
  • Show-once: The full key is shown only at creation — store it securely
  • Limit: Maximum 10 keys per user
  • Shared rate limits: All keys belonging to the same user share rate limit buckets

Key Format

Keys follow the format sk_<entropy>.<signature> where:

  • sk_ prefix identifies it as a secret key
  • 64-char hex entropy provides uniqueness
  • 64-char HMAC-SHA256 signature prevents forgery

Scopes

Each API key must have at least one scope. See Scopes Reference for the full list.

Getting Started

Get up and running with the Auboz API in under 5 minutes.

User & API Keys

Endpoints for managing user profile and API keys.

On this page

Auth MethodsAPI KeysKey PropertiesKey FormatScopes