Authentication
The KLIQ AI API supports three authentication methods: API keys, JWT tokens, and OAuth2 client credentials.
API Key Authentication
The simplest way to authenticate. Include your API key in the X-API-Key header with every request.
import { KliqClient } from '@kliq-ai/sdk';
const kliq = new KliqClient({
apiKey: process.env.KLIQ_API_KEY!,
});Keep your API key secret
Never expose your API key in client-side code or public repositories. Use environment variables and server-side requests.
Raw HTTP Example
GET /v1/tenants/t_abc123/observations HTTP/1.1
Host: api.kliqpulse.com
X-API-Key: kliq_live_abc123...
JWT Token Authentication
For user-scoped actions, use JWT tokens obtained via the token endpoint.
POST
/v1/auth/tokenExchange credentials for a JWT tokenPOST
/v1/auth/refreshRefresh an expired JWT token// Exchange credentials for a token
const { accessToken, refreshToken } = await kliq.auth.getToken({
email: 'user@example.com',
password: 'your-password',
});
// Use the token for subsequent requests
const kliqAuth = new KliqClient({
accessToken,
});
// Refresh when expired
const newTokens = await kliq.auth.refresh(refreshToken);OAuth2 Client Credentials
For service-to-service integration, use the OAuth2 client credentials flow.
const kliq = new KliqClient({
clientId: process.env.KLIQ_CLIENT_ID!,
clientSecret: process.env.KLIQ_CLIENT_SECRET!,
});
// The SDK handles token acquisition and refresh automaticallyScopes and Permissions
AuthConfig
| Property | Type | Required | Description |
|---|---|---|---|
| apiKey | string | No | API key for simple authentication |
| accessToken | string | No | JWT access token |
| clientId | string | No | OAuth2 client ID |
| clientSecret | string | No | OAuth2 client secret |
| baseUrl | string | No | API base URL (defaults to production) |
| Scope | Description |
|---|---|
observations:read | List and retrieve observations |
observations:write | Create and update observations |
cv:read | View CV job results |
cv:write | Start CV jobs |
locations:read | List locations |
locations:write | Manage locations |
webhooks:manage | Create and delete webhook subscriptions |
admin | Full tenant administration |
Error Codes
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid credentials |
403 Forbidden | Valid credentials but insufficient permissions |
Next steps
- Getting Started — Quick start guide
- Webhooks — Set up event notifications
- API Reference — Full endpoint documentation