Skip to main content
All Keymint API requests require authentication using Bearer tokens in the Authorization header. This guide covers everything you need to know about API authentication.

Authentication Overview

The Keymint API uses Bearer Token authentication for all API requests. You’ll need to include your access token in the Authorization header of every request.

Get Access Token

Generate your API token from the Keymint Dashboard

Manage Scopes

Control token permissions with granular scopes

Obtaining Access Tokens

1

Login to Dashboard

Navigate to app.keymint.dev and log in to your account.
2

Access Developer Settings

Go to SettingsDeveloperAPI Tokens in your dashboard.
3

Generate New Token

Click “Generate Token” and configure the following:
  • Token Name: Descriptive name for your token
  • Scopes: Select the appropriate permissions
  • Product Access: Choose which products this token can access
4

Save Your Token

Important: Copy and save your token immediately. For security reasons, you won’t be able to view it again.

Using Access Tokens

Include your access token in the Authorization header of every API request using the Bearer token format:
  • cURL
  • JavaScript
  • Python
  • Node.js SDK
curl -X GET "https://api.keymint.dev/customer" \
  -H "Authorization: Bearer at_your_token_here" \
  -H "Content-Type: application/json"

Token Scopes & Permissions

Control what your API tokens can access using scopes:
  • customers:read - View customer information
  • customers:write - Create and update customers
  • customers:delete - Remove customers
  • licenses:read - View license information
  • licenses:write - Create and modify licenses
  • licenses:activate - Activate/deactivate licenses
  • licenses:block - Block/unblock licenses
  • products:all - Access all products in your account
  • products:specific - Access only specified products

Security Best Practices

Token Storage

Environment Variables
# .env file
KEYMINT_API_TOKEN=at_your_token_here
Never store tokens in:
  • Source code repositories
  • Client-side applications
  • Log files or console output

Access Control

Principle of Least Privilege
  • Use minimal required scopes
  • Create separate tokens for different services
  • Regularly audit token permissions
  • Set appropriate product restrictions

Token Rotation

Rotate your API tokens regularly (every 90 days) and immediately revoke any compromised tokens.

Authentication Errors

Common authentication error responses: 
{
  "message": "Missing Authorization header",
  "code": 1
}

Handling Authentication Errors

1

Verify Token Format

Ensure you’re using the correct Bearer token format:
Authorization: Bearer at_your_token_here
2

Check Token Validity

Tokens can become invalid due to:
  • Expiration (if set)
  • Manual revocation
  • Account suspension
3

Verify Scopes

Ensure your token has the required scopes for the operation you’re attempting.

Token Management

View Active Tokens

Monitor all active API tokens in your dashboard

Revoke Tokens

Immediately revoke compromised or unused tokens

Audit Logs

Review API usage and access patterns

Generate New Tokens

Create tokens with specific scopes and permissions

Testing Authentication

Test your authentication setup with a simple API call: 
curl -X GET "https://api.keymint.dev/customer" \
  -H "Authorization: Bearer at_your_token_here" \
  -H "Content-Type: application/json"
If you receive customer data, your authentication is working correctly!
I