Authentication
All API calls to AuthzX require authentication. Two methods are supported, and both are accepted on every endpoint:
- API keys (prefix azx_) — simple, long-lived, ideal for internal scripts and trusted backends.
- OAuth2 Client Credentials (client secret prefix azx_cs_) — standards-compliant, short-lived tokens with scopes. Preferred for CI/CD, third-party integrations, and compliance-sensitive deployments. See OAuth2 Client Credentials.
Getting an API key
- Sign in to the AuthzX Console
- Go to Settings → API → API Keys
- Click Create API Key
- Copy the key — it won't be shown again
Using the API key
Pass the API key in the Authorization header:
Authorization: Bearer azx_...
The same header format applies to OAuth2 access tokens — the server accepts either.
Example
curl -X POST https://api.authzx.com/v1/authorize \
  -H "Authorization: Bearer azx_..." \
  -H "Content-Type: application/json" \
  -d '{
    "subject": { "id": "user-123", "type": "user" },
    "resource": { "id": "doc-456", "type": "document" },
    "action": { "name": "read" }
  }'
Tenant isolation
Your credentials are bound to your tenant. The tenant context is resolved automatically — you don't need to pass it in the request body.
All resources, subjects, policies, and evaluation results are isolated to your tenant.
Key management
- API keys can be revoked from the Console at any time.
- Keys have an optional expiration date.
- Create separate keys for different environments (development, staging, production).
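Because both credential types carry a fixed prefix (azx_ and azx_cs_), a leaked key can be spotted in config files, logs, or commits and then revoked. The following is an added example, not AuthzX code: it scans text for the two prefixes, names the credential type, and redacts each match. The token character set and the 16-character minimum are assumptions, since this page documents only the prefixes, and the sample values are constructed.

```python
import re

# Assumption: the secret part after the prefix is 16+ characters from
# [A-Za-z0-9_-]. This page documents only the prefixes, not the full format.
_TOKEN = re.compile(r"(?<![A-Za-z0-9_-])azx_[A-Za-z0-9_-]{16,}")

def classify(token):
    """Name the credential type. Check azx_cs_ first: it also starts with azx_."""
    if token.startswith("azx_cs_"):
        return "oauth2_client_secret"
    return "api_key"

def redact(token):
    """Keep only the type prefix, so a finding can be logged safely."""
    prefix = "azx_cs_" if token.startswith("azx_cs_") else "azx_"
    return prefix + "***"

def scan(text):
    """Return (line_number, kind, redacted) for each credential found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _TOKEN.finditer(line):
            tok = match.group(0)
            findings.append((lineno, classify(tok), redact(tok)))
    return findings

def scrub(text):
    """Replace every credential in text with its redacted form."""
    return _TOKEN.sub(lambda m: redact(m.group(0)), text)

# Constructed sample input; these values are made up and match no real key.
# The third line is the documentation placeholder and must not be flagged.
SAMPLE = """\
AUTHZX_API_KEY=azx_EXAMPLEexample0123456789
client_secret: "azx_cs_EXAMPLEexample0123456789"
curl -H "Authorization: Bearer azx_..." https://api.authzx.com/v1/authorize
"""

if __name__ == "__main__":
    for lineno, kind, shown in scan(SAMPLE):
        print(f"line {lineno}: {kind} {shown}")
```
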
Base URL
https://api.authzx.com
What can you do with your credentials?
Both API keys and OAuth2 access tokens give you access to two sets of APIs:
- Management API — Create and manage applications, resource types, resources, subjects, roles, and policies programmatically. Interactive documentation with request/response schemas is available.
- Authorize API — Check if a subject is allowed to perform an action on a resource. This is what your application calls at runtime.