Option 1 — End-user (session JWT)
End-user sign-in uses your tenant’s managed identity provider. After sign-in, the session JWT is automatically attached to every request the frontend makes.Option 2 — Server-to-server (Developer API Key)
For backend integrations and batch jobs, use a Developer API Key created in the Console under Settings → Developer API Keys.Option 3 — Internal service-to-service
The AI Services (internal service) and backend (internal service) communicate using a tenant-scopedX-Service-Key header. This is for internal use; do not expose to clients.
SDK token refresh
The SDKs automatically refresh tokens before expiration. There is no need to track expiry manually.What’s next
Creating Clients
Generate your first API key.
Security Best Practices
Five rules to follow.