Authentication
Secure your API requests with industry-standard authentication methods. ColoursUI supports API keys, OAuth 2.0, and JWT bearer tokens.
API Keys
The simplest way to authenticate. Include your API key in the Authorization header:
Authorization: Bearer sk_live_your_api_key_here
Generating Keys
⚠️ Keep your keys safe
API keys are shown only once at creation time. Store them securely in a password manager or environment variable. If you lose a key, you'll need to generate a new one.
- Navigate to Settings → API Keys in the admin dashboard
- Click Create New Key
- Assign permissions (read-only, read-write, admin)
- Copy the key — it won't be shown again
OAuth 2.0
For apps that act on behalf of users, use OAuth 2.0 Authorization Code flow:
1. Redirect to Authorization
   https://auth.coloursui.com/authorize
2. Receive Authorization Code
   Your callback URL
3. Exchange for Access Token
   https://auth.coloursui.com/token
JWT Tokens
For service-to-service communication, generate signed JWT tokens using your private key. Tokens expire after 1 hour by default.
{
  "iss": "your-service-id",
  "sub": "workspace-id",
  "aud": "https://api.coloursui.com",
  "exp": 1700000000,
  "iat": 1699996400
}
Security Best Practices
💡 Pro tip
Enable IP allowlisting in your workspace settings to restrict API key usage to specific CIDR ranges. This adds an extra layer of protection against leaked credentials.
- Never expose API keys in client-side code
- Rotate keys regularly (recommended: every 90 days)
- Use environment variables for key storage
- Set the minimum permissions required for each key
- Monitor key usage in the dashboard audit log
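Two of the practices above (no keys in client-side code, rotation every 90 days) can be enforced as a pre-commit or CI check. The script below is an added example, not ColoursUI code. Assumptions: only the sk_live_ prefix comes from this page, so the rest of the key pattern is a guess, and the file contents, key inventory and COLOURSUI_API_KEY variable name are constructed for illustration.

```python
import re
from datetime import date

# Assumption: a live key is "sk_live_" plus 16 or more URL-safe characters.
KEY_PATTERN = re.compile(r"sk_live_[A-Za-z0-9_\-]{16,}")
PLACEHOLDERS = {"sk_live_your_api_key_here"}  # documentation placeholder, not a secret
MAX_KEY_AGE_DAYS = 90  # rotation interval recommended on this page


def redact(key):
    """Keep the prefix and last 4 characters so a finding can be traced without leaking the key."""
    return key[:8] + "..." + key[-4:]


def scan_for_keys(files):
    """files maps path -> text. Return (path, line_number, redacted_key) per hard-coded key."""
    findings = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for match in KEY_PATTERN.finditer(line):
                if match.group() not in PLACEHOLDERS:
                    findings.append((path, lineno, redact(match.group())))
    return findings


def keys_due_for_rotation(inventory, today):
    """inventory maps key name -> creation date. Return names older than the rotation interval."""
    return sorted(name for name, created in inventory.items()
                  if (today - created).days > MAX_KEY_AGE_DAYS)


# Constructed sample input: a browser bundle with a hard-coded key, a server
# module that reads the key from the environment, and a docs file.
SAMPLE_FILES = {
    "web/app.js": 'const client = new Client("sk_live_CONSTRUCTED0000000000demo");\n',
    "server/config.py": 'import os\nAPI_KEY = os.environ["COLOURSUI_API_KEY"]\n',
    "docs/auth.md": "Authorization: Bearer sk_live_your_api_key_here\n",
}
SAMPLE_INVENTORY = {"ci-deploy": date(2024, 1, 5), "reporting": date(2024, 5, 20)}

if __name__ == "__main__":
    for path, lineno, key in scan_for_keys(SAMPLE_FILES):
        print(f"{path}:{lineno}: hard-coded API key {key}")
    for name in keys_due_for_rotation(SAMPLE_INVENTORY, date(2024, 6, 1)):
        print(f"key '{name}' is older than {MAX_KEY_AGE_DAYS} days, rotate it")
```

A non-empty result from either function should fail the build; any key the scanner finds in a committed file should be treated as leaked and regenerated rather than just removed.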