API Authentication

All protected endpoints require authentication. This page covers the authentication methods available.

Authentication Methods

| Method | Header | Use Case |
| --- | --- | --- |
| API Key | Authorization: Bearer olive_live_xxx | Third-party integrations |
| JWT | Authorization: Bearer eyJ... | Admin dashboard |
| Service Auth | X-Service-Auth: HMAC timestamp:signature | Internal services |

API Key Authentication

This is the most common method for external integrations.

Request Format

curl -X GET https://olive-gateway-a6ba.onrender.com/api/v1/balance/user123 \
  -H "Authorization: Bearer olive_live_xxxxxxxxxxxxxxxxxxxxxxxx"

API Key Prefixes

| Prefix | Environment |
| --- | --- |
| olive_live_ | Production |
| olive_test_ | Staging/Testing |

JWT Authentication

Used for admin operations and protected dashboard endpoints.

Obtaining a Token

curl -X POST https://olive-gateway-a6ba.onrender.com/api/v1/admin/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "admin@olive.example.com",
    "password": "your-password"
  }'

Using the Token

curl -X GET https://olive-gateway-a6ba.onrender.com/api/v1/admin/users \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Error Responses

401 Unauthorized

Missing or invalid authentication:
{
  "error": "Unauthorized",
  "code": "UNAUTHORIZED",
  "message": "Invalid or missing authentication token"
}

403 Forbidden

Authenticated but lacking permission:
{
  "error": "Forbidden",
  "code": "FORBIDDEN",
  "message": "Insufficient permissions for this operation"
}

Best Practices

Store API keys securely; never expose them in client-side code or version control.
Rotate API keys periodically and immediately after any suspected compromise.
Request only the scopes needed for your integration.
Always use HTTPS in production to protect credentials in transit.
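
The first practice above can be checked mechanically, because the documented key prefixes and the `eyJ` JWT header make leaked credentials easy to spot before a commit. The scanner below is an added example, not code from this API or its maintainers. It assumes the secret part of a key is 16 or more alphanumeric characters (the page shows only the prefixes and an `xxx` placeholder), and the names `scan`, `Finding` and `SAMPLE` are hypothetical.

```python
import re
import sys
from typing import NamedTuple

# Assumption: the secret after the prefix is 16+ alphanumeric characters.
# The page documents only the two prefixes and an "xxx" placeholder.
KEY_RE = re.compile(r"\bolive_(live|test)_([A-Za-z0-9]{16,})")
# Compact JWT: three base64url segments, header beginning "eyJ".
JWT_RE = re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}")


class Finding(NamedTuple):
    line_no: int
    kind: str       # "api_key_live", "api_key_test" or "jwt"
    redacted: str   # safe to print in CI logs


def scan(text: str) -> list[Finding]:
    """Return credential-shaped strings found in text, with secrets redacted."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in KEY_RE.finditer(line):
            env, secret = m.groups()
            if len(set(secret.lower())) == 1:
                continue  # documentation placeholder such as xxxxxxxx
            findings.append(
                Finding(n, f"api_key_{env}", f"olive_{env}_<redacted:{len(secret)}>"))
        for m in JWT_RE.finditer(line):
            findings.append(Finding(n, "jwt", f"eyJ<redacted:{len(m.group(0))}>"))
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
# config.py
OLIVE_KEY = "olive_live_EXAMPLEonly0000notreal01"
curl -H "Authorization: Bearer olive_live_xxxxxxxxxxxxxxxxxxxxxxxx"
staging_key: olive_test_EXAMPLEonly0000notreal02
token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.constructedsignature"
"""

if __name__ == "__main__":
    # With file arguments (e.g. from a pre-commit hook) scan those; else scan SAMPLE.
    sources = {p: open(p, errors="replace").read() for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    hits = [(p, f) for p, t in sources.items() for f in scan(t)]
    for path, f in hits:
        print(f"{path}:{f.line_no}: {f.kind} {f.redacted}")
    sys.exit(1 if hits else 0)
```

Run with staged file paths as arguments, it exits non-zero when anything key-shaped is found, so it can block a commit or fail a CI job. A `live` finding should also trigger rotation of that key, as the second practice above describes.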