Skip to main content
Three credential paths cover every integration. Pick the one that matches your application.

Option 1 — End-user (session JWT)

End-user sign-in uses your tenant’s managed identity provider. After sign-in, the session JWT is automatically attached to every request the frontend makes.

Option 2 — Server-to-server (Developer API Key)

For backend integrations and batch jobs, use a Developer API Key created in the Console under Settings → Developer API Keys.

Option 3 — Internal service-to-service

The AI Services (internal service) and backend (internal service) communicate using a tenant-scoped X-Service-Key header. This is for internal use; do not expose to clients.

SDK token refresh

The SDKs automatically refresh tokens before expiration. There is no need to track expiry manually.

What’s next

https://mintcdn.com/medera-357fd587/iC-6rAuwl-0aQSw_/icons/ui/key.svg?fit=max&auto=format&n=iC-6rAuwl-0aQSw_&q=85&s=4ef54e51baa6c73498065cb90a8834ff

Creating Clients

Generate your first API key.
https://mintcdn.com/medera-357fd587/n1mgcc3nR2sq_PoL/icons/ui/shield-check.svg?fit=max&auto=format&n=n1mgcc3nR2sq_PoL&q=85&s=6909d120dcab3cdfef838294f042d00c

Security Best Practices

Five rules to follow.