The Creditsafe API uses a secure authentication mechanism to ensure that only authorized users can access API resources. Understanding how authentication works is essential for successfully integrating with the API.
The Creditsafe Connect API uses JWT (JSON Web Token) based authentication. This token-based approach provides a secure and efficient way to authenticate API requests.
Obtain Credentials
- You will be provided with a username and password by Creditsafe
- These credentials are unique to your account and should be kept secure
Request an Access Token
- Use your username and password to authenticate and receive a JWT token
- The authentication endpoint returns a token that must be included in all subsequent API requests
- This token serves as proof of your identity and authorization
Include Token in API Requests
- Add the JWT token to the Authorization header of your HTTP requests
- Format: Authorization: Bearer <your_jwt_token>
- The token must be included in every API call to authenticate your request
| Property | Value |
|---|---|
| Token Lifespan | 1 hour |
| Action Required | Request a new token before expiry |
| Best Practice | Implement automatic token refresh in your application |
Important: JWT tokens expire after one hour. To maintain uninterrupted connectivity:
- Monitor token expiry time
- Request a new token before the current one expires
- Update your application to use the new token for subsequent requests
Failure to refresh the token will result in 401 Unauthorized errors when making API calls.
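The refresh behaviour described above, as an added example that is not Creditsafe's own code: a small token cache that renews the JWT before the one-hour lifespan runs out and re-authenticates once if a request still comes back 401. The names `TokenManager` and `FakeApi`, the 5-minute margin and the injected `authenticate`/`send` callables are assumptions made for illustration; only the 1-hour lifespan, the `/authenticate` endpoint, the `token` field and the `Authorization: Bearer` header come from this page.

```python
import threading
import time
TOKEN_LIFETIME = 3600  # seconds; the 1-hour lifespan stated on this page
REFRESH_MARGIN = 300   # assumption: renew 5 minutes before expiry

class TokenManager:
    """Caches the JWT, renews it before expiry, retries once on 401."""
    def __init__(self, authenticate, clock=time.monotonic):
        # authenticate() -> token string. A real one would POST credentials read
        # from the environment or a secret store to /authenticate over HTTPS.
        self._authenticate = authenticate
        self._clock, self._lock = clock, threading.Lock()
        self._token, self._issued_at = None, 0.0

    def token(self, force=False):
        with self._lock:  # only one thread refreshes at a time
            age = self._clock() - self._issued_at
            if force or self._token is None or age >= TOKEN_LIFETIME - REFRESH_MARGIN:
                self._token = self._authenticate()
                self._issued_at = self._clock()
            return self._token

    def call(self, send):
        """send(headers) -> (status, body); a 401 triggers one re-auth and retry."""
        status, body = send({"Authorization": "Bearer " + self.token()})
        if status == 401:
            status, body = send({"Authorization": "Bearer " + self.token(force=True)})
        return status, body

class FakeApi:
    """Constructed stand-in for the API so the example runs offline."""
    def __init__(self):
        self.issued, self.rejected = 0, set()
    def authenticate(self):
        self.issued += 1
        return "constructed-token-%d" % self.issued
    def get_company(self, headers):
        token = headers["Authorization"].split(" ", 1)[1]
        return (401, None) if token in self.rejected else (200, token)

def demo():
    api, now, used = FakeApi(), [0.0], []
    tm = TokenManager(api.authenticate, clock=lambda: now[0])
    for t in (0.0, 1800.0, 3400.0):  # fresh, cached, inside margin so renewed
        now[0] = t
        used.append(tm.call(api.get_company)[1])
    api.rejected.add("constructed-token-2")   # server now rejects the current token
    used.append(tm.call(api.get_company)[1])  # 401, then re-auth and retry
    return api.issued, used
```

Retrying only once after a 401 keeps a bad credential or a revoked account from looping against the rate-limited authentication endpoint.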
Authentication requests are subject to rate limiting to prevent abuse and ensure service availability. For detailed information about rate limits and how they apply to authentication and other API endpoints, please refer to the Rate Limiting documentation.
- Never share your credentials with unauthorized parties
- Store credentials securely using environment variables or secure credential management systems
- Implement token refresh logic to handle expiry gracefully
- Use HTTPS for all API communications
- Rotate credentials regularly as part of your security policies
- Monitor authentication failures to detect potential security issues
1. POST /authenticate
Body: { "username": "your_username", "password": "your_password" }
2. Response: { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
3. Subsequent API Request:
GET /companies/{connectId}
Header: Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

| Issue | Solution |
|---|---|
| 401 Unauthorized | Token may be expired or invalid - request a new token |
| 403 Forbidden | Your account may not have permissions for the requested resource |
| 429 Too Many Requests | You have exceeded rate limits - refer to Rate Limiting |
For additional support, please refer to the Providing Feedback page.