Learn how to authenticate your requests with Drivly’s APIs
This guide will help you understand how to authenticate your requests with Drivly’s APIs. The Drivly API ecosystem uses both API Keys and JSON Web Tokens (JWT) for authentication.
API Keys should be treated like a password for your account. They can be used to grant access to all the resources in your account. They are powerful, and must be kept secret.
JWT Tokens, on the other hand, are used to authenticate a specific user. They have an expiration time,
and permissions are baked into the token itself to prevent unauthorized access.
We recommend using JWT tokens for your applications, using least-privilege
principles to ensure that your applications are secure.
For security purposes, you cannot create API Keys via the API. However, you can create them in the Drivly dashboard. Once you’ve created
an API key, you can use it to authenticate your requests by including it in the Authorization header.
Using an API Key
curl -X GET \
  https://commerce.driv.ly/api/invoices \
  -H 'Authorization: Bearer apiKey'
An array of permissions that the token should have. Any permission ending in
.read will grant GET access to the resource, while any permission ending in
.write will grant POST, PUT, and DELETE access to the resource.
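The suffix rule above, written out as a deny-by-default check plus a helper that derives the smallest permission list for a set of planned requests. This is an added example, not Drivly's code or SDK; the `<resource>.read` / `<resource>.write` string shape and the resource names `invoices` and `customers` are assumptions.

```javascript
// Added example (not Drivly code). Assumption: permissions are strings of the
// form "<resource>.read" or "<resource>.write"; resource names are hypothetical.
const SUFFIX_METHODS = new Map([
  ["read", ["GET"]],                    // ".read"  grants GET
  ["write", ["POST", "PUT", "DELETE"]], // ".write" grants POST, PUT, DELETE
]);

// Deny by default: true only if one permission covers this method on this resource.
// Under a literal reading of the rule, ".write" alone does not grant GET.
function isAllowed(permissions, method, resource) {
  const verb = String(method).toUpperCase();
  return permissions.some((perm) => {
    const dot = perm.lastIndexOf(".");
    if (dot <= 0) return false; // malformed entry grants nothing
    const methods = SUFFIX_METHODS.get(perm.slice(dot + 1));
    return perm.slice(0, dot) === resource &&
      methods !== undefined && methods.includes(verb);
  });
}

// Least privilege: the smallest permission list that covers the planned requests.
// Methods the rule does not mention (PATCH, HEAD, ...) are rejected, not guessed.
function minimalPermissions(requests) {
  const needed = new Set();
  for (const { method, resource } of requests) {
    const verb = String(method).toUpperCase();
    const suffix = [...SUFFIX_METHODS.keys()].find((s) =>
      SUFFIX_METHODS.get(s).includes(verb));
    if (!suffix) throw new Error(`no permission suffix documented for ${verb}`);
    needed.add(`${resource}.${suffix}`);
  }
  return [...needed].sort();
}

// Constructed sample: an app that lists invoices and creates customers.
const planned = [
  { method: "GET", resource: "invoices" },
  { method: "get", resource: "invoices" },
  { method: "POST", resource: "customers" },
];
console.log(minimalPermissions(planned));
console.log(isAllowed(["invoices.read"], "DELETE", "invoices"));
```

Requesting only the list returned by `minimalPermissions` keeps a leaked or stolen token from being usable for writes the application never needed.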
If you use our JS SDK, you won't need to worry about refreshing user sessions.
The SDK will automatically handle this for you.
There are some cases where you may need to authenticate a user, such as storing sensitive information (SSN, credit card numbers, etc.).
For such cases, you can redirect the user to the /auth endpoint, where they can log in and grant your application access to their account.
For applications that deal with sensitive information, user sessions are a great way to pass information to Drivly, without your
servers needing to be compliant with data protection laws. This is because the user is sending their information directly to us from
their own browser, and not through your servers.
Any information the user provides is stored in your dashboard, and can be accessed by you at any time. However, there are limitations (SSNs, credit card numbers, etc.),
and we recommend using the least-privilege principle when requesting permissions from the user.