API Authentication

Synaptis APIs use industry-standard authentication methods to ensure secure access to your lead data. Choose between API keys for server-to-server communication or OAuth 2.0 for user-authorized access.

API Keys

Best for server-to-server integrations and automated workflows

OAuth 2.0

Best for user-facing applications requiring delegated access

API Keys

API keys provide a simple way to authenticate server-to-server requests. Include your API key in the Authorization header of every request.

Creating an API Key

  1. Navigate to your Dashboard > Settings > API Keys
  2. Click "Create New API Key"
  3. Select the appropriate permissions and scopes
  4. Copy and securely store your key (it won't be shown again)

Request Header (Required)
Authorization: Bearer YOUR_API_KEY

# Example with cURL
curl -X POST https://api.synaptis.io/v1/leads/verify \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

API Key Types

Prefix     Environment   Description
sk_live_   Production    Live API key for production traffic
sk_test_   Sandbox       Test key for development and testing
pk_        Public        Publishable key for client-side operations

OAuth 2.0

OAuth 2.0 provides secure, delegated access to the API on behalf of users. This is ideal for applications that need to access user data without storing credentials.

Authorization Code Flow

Step 1: Redirect to Authorization
GET https://auth.synaptis.io/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &scope=leads:read leads:write
  &state=random_state_string

Step 2: Exchange Code for Token
POST https://auth.synaptis.io/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTH_CODE_FROM_CALLBACK
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&redirect_uri=https://yourapp.com/callback
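
The two steps above as an added Python example (not Synaptis code): it URL-encodes the Step 1 parameters, ties an unguessable `state` to the user's session, and rejects any callback whose `state` does not match before building the Step 2 form body. The function names, the `session` dict and its `oauth_state` key are assumptions; the endpoint and parameters are the ones shown on this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.synaptis.io/oauth/authorize"
REDIRECT_URI = "https://yourapp.com/callback"  # placeholder used on this page


def build_authorize_url(client_id, scopes, session):
    """Step 1: store a fresh one-time state in the session, return the URL."""
    state = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(scopes),  # sent as leads%3Aread+leads%3Awrite
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def build_token_request(callback_url, session, client_id, client_secret):
    """Step 2: check state, then return the form body for POST /oauth/token.

    Raises ValueError when the callback was not started by this session.
    """
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
            expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback rejected")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return urlencode({
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "client_id": client_id,
        "client_secret": client_secret,  # load from the environment, not source
        "redirect_uri": REDIRECT_URI,  # same value as in Step 1
    })
```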

Available Scopes

Scope            Description
leads:read       Read lead data and verification results
leads:write      Submit and modify lead data
buyers:manage    Manage buyer configurations
analytics:read   Access analytics and reports

Bearer Tokens

Both API keys and OAuth access tokens are used as Bearer tokens in the Authorization header.

Token Response
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "rt_abc123...",
  "scope": "leads:read leads:write"
}

Key Rotation

Regular key rotation is a security best practice. Synaptis supports seamless key rotation without downtime.

Rotation Grace Period

When you rotate a key, the old key remains valid for 24 hours, giving you time to update your integrations.

  1. Generate a new API key from your dashboard
  2. Update your application to use the new key
  3. Verify the new key works in production
  4. Revoke the old key after confirmation

Security Best Practices

Never expose API keys client-side

Keep secret keys on your server. Use publishable keys for client-side operations only.

Use environment variables

Store API keys in environment variables, never in source code or version control.

Use minimum required scopes

Request only the permissions your application needs. Follow the principle of least privilege.

Rotate keys regularly

Implement a key rotation schedule. Immediately rotate any keys that may have been compromised.

Demo Platform: This is a demonstration of our custom development capabilities. We build tailored solutions for your specific needs.