API Reference

API Authentication

Secure your API requests with industry-standard authentication methods. Choose the approach that best fits your integration needs.

Authentication Methods

API Keys (Recommended)

Long-lived tokens for server-to-server communication and automation.

OAuth 2.0

Industry-standard protocol for delegated authorization and SSO integration.

JWT Tokens

Short-lived tokens for user sessions and frontend applications.

API Keys

API keys are the simplest way to authenticate with the DB Audit API. They're ideal for server-side applications, automation scripts, and CI/CD pipelines.

Generating an API Key

  1. Navigate to Settings > API Keys in your dashboard
  2. Click "Create API Key" and provide a descriptive name
  3. Select the required scopes for your integration
  4. Copy and securely store your API key (it won't be shown again)

Using Your API Key

# Using API Key in header
curl -X GET "https://api.dbaudit.ai/v1/databases" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Security Best Practice

Never embed API keys in client-side code (browser bundles, mobile apps) or commit them to version control. Inject them at runtime from environment variables or a secrets manager, grant a key only the scopes its integration needs, and if a key is ever exposed, create a replacement and delete the old one in Settings > API Keys.

Using Environment Variables

Store your API key in an environment variable for secure, portable configuration:

# Store your API key securely
export DBAUDIT_API_KEY="dbaudit_live_xxxxxxxxxxxxxxxx"

# Use in your application
curl -X GET "https://api.dbaudit.ai/v1/databases" \
  -H "Authorization: Bearer $DBAUDIT_API_KEY"

OAuth 2.0

OAuth 2.0 is the right choice for applications that act on behalf of users. It supports SSO integration and gives fine-grained, per-grant permission control through scopes. Because the authorization code flow round-trips through the user's browser, always send an unguessable state value on the authorization request and verify it on the callback before exchanging the code (the CSRF protection RFC 6749, section 10.12, calls for), and keep the client_secret on your server: it must never ship in browser or mobile code.

Authorization Code Flow

# Step 1: Redirect user to authorization endpoint
GET https://api.dbaudit.ai/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yourapp.com/callback&
  response_type=code&
  scope=read:databases write:policies

# Step 2: Exchange authorization code for tokens
POST https://api.dbaudit.ai/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=AUTHORIZATION_CODE&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
redirect_uri=https://yourapp.com/callback
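One way to drive the flow above from a server-side web application, as an added example that is not part of the DB Audit API docs or SDK: it generates and verifies the state value (the CSRF check the flow needs), builds the Step 1 URL and the Step 2 form body exactly as shown, and can add a PKCE challenge. Whether the DB Audit authorization server accepts PKCE is an assumption the page does not confirm; the callback URL used at the bottom is constructed for offline use.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://api.dbaudit.ai/oauth/authorize"
TOKEN_URL = "https://api.dbaudit.ai/oauth/token"


def new_state() -> str:
    """Unguessable per-login value. Persist it in the user's server-side session
    (or a signed cookie) before redirecting; it ties the callback to the browser
    that started the flow."""
    return secrets.token_urlsafe(32)


def pkce_pair() -> tuple:
    """PKCE verifier and S256 challenge (RFC 7636). Assumption: the page does not
    say whether the DB Audit authorization server accepts PKCE; use it only if it does."""
    verifier = secrets.token_urlsafe(32)  # 43 chars, inside the 43..128 range RFC 7636 allows
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(client_id: str, redirect_uri: str, scopes: list, state: str,
                        code_challenge: Optional[str] = None) -> str:
    """Step 1: the URL the user's browser is sent to."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # space-separated, as in the page's example
        "state": state,
    }
    if code_challenge:
        params["code_challenge"] = code_challenge
        params["code_challenge_method"] = "S256"
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect back to /callback.
    Refuses to proceed when state is absent or differs from the stored value:
    that is the CSRF / login-fixation check the flow depends on."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise PermissionError(f"authorization server returned error: {qs['error'][0]}")
    returned_state = qs.get("state", [""])[0]
    # constant-time compare on bytes so a non-ASCII value cannot trigger a TypeError
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback does not belong to this session")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def build_token_request(code: str, client_id: str, client_secret: str, redirect_uri: str,
                        code_verifier: Optional[str] = None) -> dict:
    """Step 2: form body for POST /oauth/token (application/x-www-form-urlencoded).
    The client_secret is only ever sent from your server, never from a browser."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the Step 1 value exactly
    }
    if code_verifier:
        body["code_verifier"] = code_verifier
    return body


if __name__ == "__main__":
    # Offline walk-through with a constructed callback URL; no network calls are made.
    state = new_state()
    verifier, challenge = pkce_pair()
    print(build_authorize_url("YOUR_CLIENT_ID", "https://yourapp.com/callback",
                              ["read:databases", "write:policies"], state, challenge))
    code = parse_callback(f"https://yourapp.com/callback?code=AUTHORIZATION_CODE&state={state}", state)
    print(urlencode(build_token_request(code, "YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET",
                                        "https://yourapp.com/callback", verifier)))
```

The state value must be stored per session before the redirect and looked up again on the callback; comparing against whatever the query string says is not a check at all.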

Supported Grant Types

  • authorization_code - For web applications with server-side rendering
  • client_credentials - For machine-to-machine authentication
  • refresh_token - For obtaining new access tokens

JWT Tokens

JSON Web Tokens are short-lived credentials for user sessions in frontend applications. An access token expires after 1 hour (expires_in: 3600) and can be renewed with the refresh token returned at login without asking the user for a password again. That makes the refresh token a long-lived credential in its own right: protect it with the same care as a password.

Obtaining JWT Tokens

# Authenticate and receive JWT token
curl -X POST "https://api.dbaudit.ai/v1/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password"
  }'

# Response includes access and refresh tokens
{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "refresh_token": "eyJhbGciOiJSUzI1NiIs...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Refreshing Tokens

When your access token expires, use the refresh token to obtain a new one without requiring user re-authentication:

# Refresh an expired access token
curl -X POST "https://api.dbaudit.ai/v1/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "eyJhbGciOiJSUzI1NiIs..."
  }'
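An added illustration (not the page's or the SDK's code) of how a client should manage the pair returned by /v1/auth/login: it reads exp from the access token's payload so it can refresh shortly before expiry instead of after the first 401, keeps a rotated refresh token if the server returns one, and takes the HTTP call to /v1/auth/refresh as an injected function so the logic runs offline. The tokens built by demo_token are constructed and unsigned; real tokens are RS256-signed by the API and this code never needs to verify them, because the server does.

```python
import base64
import json
import time
from typing import Callable, Dict, Optional

REFRESH_LEEWAY_SECONDS = 60  # refresh this long before exp so in-flight requests never carry a dead token


def jwt_exp(token: str) -> Optional[int]:
    """Read the exp claim from a JWT payload WITHOUT verifying the signature.
    The client only uses this to decide when to refresh; unverified claims must
    never drive an authorization decision, which is the API server's job."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
        return int(claims["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        return None


def demo_token(exp: int) -> str:
    """Constructed, unsigned token for offline use only. Real tokens from
    /v1/auth/login are RS256-signed; the server would reject this one."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64({'exp': exp})}.not-a-real-signature"


class TokenSession:
    """Holds the access/refresh pair from /v1/auth/login and renews it on demand.
    refresh_fn is whatever POSTs {"refresh_token": ...} to /v1/auth/refresh and
    returns the JSON body; it is injected so the logic can be exercised offline."""

    def __init__(self, login_response: Dict, refresh_fn: Callable[[str], Dict],
                 now: Callable[[], float] = time.time):
        self._refresh_fn = refresh_fn
        self._now = now
        self.refresh_token: Optional[str] = None
        self._install(login_response)

    def _install(self, resp: Dict) -> None:
        self.access_token = resp["access_token"]
        # The server may rotate the refresh token on every refresh; keep the old one
        # only when no new one came back.
        self.refresh_token = resp.get("refresh_token") or self.refresh_token
        exp = jwt_exp(self.access_token)
        # Prefer the token's own exp; fall back to expires_in relative to our clock.
        self.expires_at = float(exp) if exp is not None else self._now() + float(resp["expires_in"])

    def needs_refresh(self) -> bool:
        return self._now() >= self.expires_at - REFRESH_LEEWAY_SECONDS

    def bearer(self) -> str:
        """Authorization header value, refreshing first if the token is (nearly) expired.
        If refresh_fn raises (refresh token revoked or expired), the error propagates
        so the caller can send the user back through /v1/auth/login."""
        if self.needs_refresh():
            self._install(self._refresh_fn(self.refresh_token))
        return f"Bearer {self.access_token}"
```

Refreshing 60 seconds early avoids the race where a request leaves with a token that expires while it is in transit; if the API ever returns 401 anyway, fall back to a full login rather than looping on refresh.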

Permission Scopes

Scopes define what resources and actions your API credentials can access. Request only the scopes you need following the principle of least privilege.

Scope              Description
read:databases     View database connections and metadata
write:databases    Create, update, and delete database connections
read:policies      View audit policies and rules
write:policies     Create, update, and delete audit policies
read:alerts        View security alerts and notifications
write:alerts       Acknowledge and manage alerts
read:logs          Access audit logs and activity history
read:reports       Generate and view compliance reports
admin              Full administrative access to all resources

SDK Authentication

Our official SDKs handle authentication automatically. Just provide your API key and start making requests.

Python

import dbaudit

# Initialize with API key
client = dbaudit.Client(api_key="dbaudit_live_xxxxxxxx")

# Or use environment variable (recommended)
# export DBAUDIT_API_KEY="dbaudit_live_xxxxxxxx"
client = dbaudit.Client()

# Make authenticated requests
databases = client.databases.list()

Node.js

import { DBaudit } from '@dbaudit/sdk';

// Initialize with an API key passed explicitly
const clientWithKey = new DBaudit({
  apiKey: 'dbaudit_live_xxxxxxxx',
});

// Or let the SDK read DBAUDIT_API_KEY from the environment (recommended).
// Note: redeclaring `const client` in the same module scope is a SyntaxError,
// so each client gets its own name here.
// export DBAUDIT_API_KEY="dbaudit_live_xxxxxxxx"
const client = new DBaudit();

// Make authenticated requests (top-level await requires an ES module)
const databases = await client.databases.list();

Authentication Errors

Handle these common authentication errors in your integration:

401 Unauthorized

Invalid or missing authentication credentials: the key or token is absent, mistyped, revoked, or (for a JWT) expired. Do not retry the same request; fix the credential, or refresh the token and re-authenticate if refresh fails too.

403 Forbidden

Valid credentials but insufficient permissions: the key or token lacks a scope the endpoint requires. Re-issue it with the scopes it needs (see Permission Scopes); retrying will not help.

429 Too Many Requests

Rate limited. Back off exponentially with jitter before retrying, and honour a Retry-After header if the response carries one.
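An added example (not DB Audit's own code) that ties the environment-variable practice from the API Keys section together with the three errors above: it refuses to start without DBAUDIT_API_KEY, redacts the key in log messages, treats 401 and 403 as non-retryable, and retries 429 with full-jitter exponential backoff, honouring Retry-After when present. The transport is injected and the responses in the demo are constructed, so nothing touches the network; API_BASE is the page's URL, every other name is this example's own.

```python
import os
import random
import time
from typing import Any, Callable, Dict, Mapping, Optional, Tuple

API_BASE = "https://api.dbaudit.ai/v1"

# A transport takes (url, headers) and returns (status, response_headers, body).
# It is injected so the auth/retry logic runs offline; production code would
# wrap urllib or requests here.
Response = Tuple[int, Dict[str, str], Any]
Transport = Callable[[str, Dict[str, str]], Response]


class AuthError(Exception):
    """401: the credential itself was rejected. Never retry; fix the key or token."""


class ScopeError(Exception):
    """403: the credential is valid but lacks a scope. Never retry; re-issue it with the right scope."""


def load_api_key(env: Mapping[str, str] = os.environ) -> str:
    """Fail closed: a missing key stops the process instead of falling through
    to unauthenticated calls that fail later with a less obvious 401."""
    key = env.get("DBAUDIT_API_KEY", "")
    if not key:
        raise AuthError("DBAUDIT_API_KEY is not set")
    return key


def redact(key: str) -> str:
    """Log-safe form: keep the prefix that identifies the key type and the last 4 characters."""
    prefix, sep, rest = key.rpartition("_")
    return f"{prefix}{sep}...{rest[-4:]}" if sep else "..." + key[-4:]


def backoff_delay(attempt: int, retry_after: Optional[str],
                  base: float = 0.5, cap: float = 30.0) -> float:
    """Honour a numeric Retry-After header when present; otherwise exponential
    backoff with full jitter so clients that hit a 429 together do not retry in lockstep."""
    if retry_after and retry_after.strip().isdigit():
        return float(retry_after.strip())
    return random.uniform(0.0, min(cap, base * (2 ** attempt)))


def request_with_retry(send: Transport, url: str, api_key: str, max_attempts: int = 5,
                       sleep: Callable[[float], None] = time.sleep) -> Tuple[int, Any]:
    """GET url with the API key as a Bearer token, retrying only on 429."""
    headers = {"Authorization": f"Bearer {api_key}", "Accept": "application/json"}
    for attempt in range(max_attempts):
        status, resp_headers, body = send(url, headers)
        if status == 401:
            raise AuthError(f"401 Unauthorized using key {redact(api_key)}: missing, revoked or mistyped")
        if status == 403:
            raise ScopeError(f"403 Forbidden for {url}: credential lacks a required scope")
        if status == 429:
            if attempt == max_attempts - 1:
                raise RuntimeError(f"still rate limited after {max_attempts} attempts")
            retry_after = resp_headers.get("Retry-After") or resp_headers.get("retry-after")
            sleep(backoff_delay(attempt, retry_after))
            continue
        return status, body
    raise AssertionError("unreachable")


if __name__ == "__main__":
    # Constructed responses: two 429s, then success. No sleeping, no network.
    scripted = [(429, {"Retry-After": "2"}, None), (429, {}, None), (200, {}, {"databases": []})]
    status, body = request_with_retry(lambda u, h: scripted.pop(0), API_BASE + "/databases",
                                      "dbaudit_live_0123456789abcdef", sleep=lambda s: None)
    print(status, body, redact("dbaudit_live_0123456789abcdef"))
```

Keeping 401 and 403 out of the retry path matters as much as the backoff: a revoked key retried in a loop is noise in the audit log and a rate-limit hit waiting to happen.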

Next Steps

Now that you understand authentication, explore the API endpoints.
