
Backend API Authentication

Overview of authentication mechanisms for the Wacht Platform Backend API.

Authentication Methods

The Wacht Platform Backend API supports multiple authentication methods:
| Method | Use Case | Description |
|--------|----------|-------------|
| API Keys | Server-to-server | Bearer token authentication |
| JWT Tokens | User sessions | Generated after signin/signup |

API Key Authentication

Use API keys for backend-to-backend communication.

Getting an API Key

  1. Navigate to wacht.dev
  2. Go to your deployment settings
  3. Navigate to API Keys
  4. Click Generate New Key
  5. Copy the key (starts with sk_test_ or sk_live_)

Using API Keys

Include the API key in the Authorization header:
Authorization: Bearer sk_test_your_api_key_here
X-Deployment-ID: depo_123

cURL Example

curl -X GET "https://api.wacht.dev/deployments/depo_123/users" \
  -H "Authorization: Bearer sk_test_your_api_key_here"

Security Best Practices

  • ✅ Store in environment variables
  • ✅ Use different keys for dev/staging/production
  • ✅ Rotate keys regularly
  • ❌ Never commit to git
  • ❌ Never expose in client-side code
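
One way to enforce these practices at service startup, as an added example (not Wacht's own code). The environment variable names `APP_ENV` and `WACHT_API_KEY`, and the mapping of key prefixes to environments, are assumptions; the sample key is constructed.

```python
import os

# Assumption: which key prefix belongs in which environment
# (the page lists the two prefixes but not this mapping).
ALLOWED_PREFIX = {
    "production": "sk_live_",
    "staging": "sk_test_",
    "development": "sk_test_",
}


class KeyConfigError(RuntimeError):
    """Raised at startup so a misconfigured service fails before any request."""


def load_api_key(env=os.environ):
    """Read the key from the environment and check it fits the running environment."""
    app_env = env.get("APP_ENV", "development")   # hypothetical variable name
    key = env.get("WACHT_API_KEY", "").strip()    # hypothetical variable name
    if app_env not in ALLOWED_PREFIX:
        raise KeyConfigError(f"unknown APP_ENV {app_env!r}")
    if not key:
        raise KeyConfigError("WACHT_API_KEY is not set")
    expected = ALLOWED_PREFIX[app_env]
    if not key.startswith(expected) or len(key) == len(expected):
        # The message names the expected prefix only, never the key itself.
        raise KeyConfigError(f"{app_env} requires a key starting with {expected}")
    return key


def redact(key):
    """Form that is safe to log: known prefix plus the last four characters."""
    prefix = key[:8] if key.startswith(("sk_test_", "sk_live_")) else ""
    return f"{prefix}...{key[-4:]}"


def auth_headers(key, deployment_id):
    """Build the two headers in the form shown on this page."""
    if any(c in key + deployment_id for c in "\r\n"):
        raise KeyConfigError("header value contains a line break")
    return {"Authorization": f"Bearer {key}", "X-Deployment-ID": deployment_id}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"APP_ENV": "staging", "WACHT_API_KEY": "sk_test_constructed0000example"}
    key = load_api_key(sample)
    print("using key", redact(key))
    print(auth_headers(key, "depo_123").keys())
```

Failing at startup on a prefix mismatch catches a test key deployed to production (or the reverse) before any request is sent, and `redact` keeps the full key out of logs.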

JWT Token Authentication

After users authenticate, they receive a JWT token for subsequent requests.

Token Structure

{
  "sub": "user_123",
  "iat": 1640995200,
  "exp": 1641081600,
  "deployment_id": "depo_123",
  "organization_id": "org_456"
}

Using JWT Tokens

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Error Handling

Common Authentication Errors

| Error | Description | Solution |
|-------|-------------|----------|
| UNAUTHORIZED | Invalid API key | Check your API key |
| TOKEN_EXPIRED | JWT token expired | Implement token refresh |
| MISSING_DEPLOYMENT_ID | No deployment ID | Include X-Deployment-ID header |
