Authentication

Overview

The Partner API uses JWT-based authentication. You authenticate with your workspace API key and receive tokens for subsequent requests.

  • API Key: Provided by Consentio during integration setup, tied to a specific workspace
  • Access Token: JWT used in the Authorization header for all authenticated requests
  • Refresh Token: Used to obtain a new access token when the current one expires

Authentication Flow

Login

POST /v2/partner/{workspaceID}/login
Content-Type: application/json

{
  "api_key": "sk_live_xxxxxxxxxxxxx"
}

The response includes an access_token, refresh_token, and workspace metadata (ID, name, status, default currency). See the API Reference for the full response schema.

Using the Access Token

Include the token in the Authorization header of all authenticated requests:

Authorization: Bearer <access_token>

Token Lifecycle

  1. Obtain tokens by calling the login endpoint with your API key
  2. Use the access token for all authenticated API calls
  3. Re-authenticate when the access token expires (call login again)
  4. Store tokens securely - never expose them in client-side code or logs

Best Practices

  • Cache the access token and reuse it until it expires
  • Implement automatic re-authentication on 401 responses
  • Store API keys in environment variables or a secrets manager
  • Rotate API keys periodically - contact your integration manager
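
The practices above combined in one client, as an added example (not Consentio's own code): the API key is read from the environment, the access token is cached in memory, and a 401 triggers exactly one re-login per call so a revoked key cannot cause a login loop. The class name PartnerClient, the variable name CONSENTIO_API_KEY, and a top-level access_token field in the login response are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://sandbox.api.consentio.co/v2/partner"  # sandbox host from the Testing section


def http_send(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None  # error bodies are dropped so they never reach logs


class PartnerClient:
    def __init__(self, workspace_id, send=http_send, env=os.environ):
        self._base = f"{BASE_URL}/{workspace_id}"
        self._send = send
        self._env = env
        self._token = None  # cached in memory only, never written to disk

    def __repr__(self):  # keeps the token out of logs and tracebacks
        return f"<PartnerClient {self._base} token={'set' if self._token else 'unset'}>"

    def _login(self):
        api_key = self._env["CONSENTIO_API_KEY"]  # hypothetical variable name
        status, body = self._send("POST", f"{self._base}/login",
                                  {"Content-Type": "application/json"}, {"api_key": api_key})
        if not 200 <= status < 300 or not body or "access_token" not in body:
            raise RuntimeError(f"login failed with HTTP {status}")  # no key in the message
        self._token = body["access_token"]  # assumes a top-level field

    def get(self, path):
        for _ in range(2):  # at most one re-login per call
            if self._token is None:
                self._login()
            status, body = self._send("GET", f"{self._base}{path}",
                                      {"Authorization": f"Bearer {self._token}"})
            if status != 401:
                return status, body
            self._token = None  # token rejected: drop it and log in again
        return status, body
```

Passing a custom send function lets the retry logic be exercised without network access.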

Testing

# Login
curl -X POST "https://sandbox.api.consentio.co/v2/partner/123/login" \
  -H "Content-Type: application/json" \
  -d '{"api_key": "sk_test_xxxxxxxxxxxxx"}'

# Use the returned access_token
curl -X GET "https://sandbox.api.consentio.co/v2/partner/123/products?from=2024-01-01T00:00:00Z&to=2024-12-31T23:59:59Z" \
  -H "Authorization: Bearer <access_token>"