The Risk Intelligence API uses JWT-based authentication. Clients authenticate using a client_id and client_secret to obtain an access token, which is then used to authorize all subsequent API requests.

The client_id and client_secret will be provided by our customer support team upon onboarding.


Integration Steps

1. Access Token Creation

Clients initiate authentication by sending a POST request to the /v1/auth endpoint with their client_id and client_secret.

If successful, the response includes:

  • access_token — a short-lived token used for authenticating API requests
  • refresh_token — used to renew the access token without re-authenticating

2. Access Token Refresh

When the access token expires, clients can request a new one by sending a POST request to /v1/auth/refresh with a valid refresh_token.

3. Usage in API Requests

Include the access token in the Authorization header of every API request:

  Authorization: Bearer <access_token>


📈 Rate Limit

To ensure fair usage and system stability, the API enforces rate limits.

  • If a client exceeds the rate limit, the API responds with: 429 Too Many Requests
  • A Retry-After header will be included in the response, indicating how long the client must wait before retrying the request.

Be sure to implement retry logic and token refresh handling in your integration to avoid disruptions.
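
The three integration steps and the 429 handling above, combined in one client; this is an added example, not code from the API vendor. Assumptions not stated on this page: the send transport hook and its signature, JSON request bodies with the field names shown, HTTP 200 on success, HTTP 401 as the signal for an expired access token, and the 60-second cap and 4-attempt limit.

```python
import time
from email.utils import parsedate_to_datetime

def retry_after_seconds(value, now=None, cap=60.0):
    """Turn Retry-After (seconds or HTTP-date) into a delay capped at `cap`."""
    try:
        delay = float(value)
    except (TypeError, ValueError):
        try:
            now = time.time() if now is None else now
            delay = parsedate_to_datetime(value).timestamp() - now
        except (TypeError, ValueError):
            delay = 1.0  # header missing or unparsable: short fixed pause
    return min(delay, cap) if delay > 0 else 0.0  # NaN or negative -> 0

class RiskApiClient:
    # send(method, path, headers, json_body) -> (status, headers, json_body): hypothetical hook
    def __init__(self, send, client_id, client_secret, sleep=time.sleep, max_attempts=4):
        self.send, self.sleep, self.max_attempts = send, sleep, max_attempts
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.access = self.refresh = None  # keep tokens in memory, never in logs

    def _login(self):
        # Step 2: try the refresh token first; assumed body field "refresh_token".
        if self.refresh:
            status, _, body = self.send("POST", "/v1/auth/refresh", {}, {"refresh_token": self.refresh})
            if status == 200:
                self.access, self.refresh = body["access_token"], body.get("refresh_token", self.refresh)
                return
        # Step 1: full authentication; the JSON body shape is an assumption.
        status, _, body = self.send("POST", "/v1/auth", {}, self.creds)
        if status != 200:
            raise PermissionError(f"authentication failed: HTTP {status}")
        self.access, self.refresh = body["access_token"], body["refresh_token"]

    def request(self, method, path, body=None):
        for _ in range(self.max_attempts):
            if not self.access:
                self._login()
            auth = {"Authorization": f"Bearer {self.access}"}  # step 3
            status, headers, data = self.send(method, path, auth, body)
            if status == 401:    # assumed signal that the access token expired
                self.access = None
            elif status == 429:  # rate limited: wait as instructed, then retry
                hdrs = {k.lower(): v for k, v in headers.items()}
                self.sleep(retry_after_seconds(hdrs.get("retry-after")))
            else:
                return status, data
        raise RuntimeError("gave up after repeated 401/429 responses")
```

The bounded attempt count and the capped delay keep a misbehaving or spoofed response from stalling the integration indefinitely, and falling back from refresh to full authentication covers an expired or revoked refresh_token.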