BRIDGE Intelligence

Authentication

How to authenticate with the Bridge API using API keys, JWT, and OAuth.

Overview

Bridge supports three authentication methods, depending on your use case:

  • API Keys — for server-to-server integrations
  • JWT (Bearer tokens) — for authenticated user sessions
  • OAuth 2.0 with PKCE — for user-facing applications

API Keys

API keys are the simplest method for server-to-server integrations. Pass your key in the X-API-Key header with every request.

curl https://api.gateway.service.d.bridgeintelligence.ltd/api/v1/wallets \
  -H "X-API-Key: YOUR_API_KEY"

Getting an API Key

  1. Sign in to your Bridge account
  2. Navigate to the API Keys section
  3. Click "Create New Key"
  4. Copy the key immediately — it cannot be shown again
  5. Store it securely (use environment variables, never commit to git)

Key Permissions

API keys are scoped to specific permissions when created:

  • read — read-only access to resources
  • write — create and update resources
  • admin — full access including key management

JWT Bearer Tokens

For applications where users authenticate individually, use JWT tokens issued by Bridge ID.

curl https://api.gateway.service.d.bridgeintelligence.ltd/api/v1/wallets \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

JWT tokens are issued after a successful OAuth flow and are valid for 1 hour. Use the refresh token to get a new access token without re-authenticating.

OAuth 2.0 with PKCE

For user-facing applications, use the OAuth 2.0 flow with PKCE (Proof Key for Code Exchange).

Step 1: Generate PKCE Verifier

const verifier = generateCodeVerifier()
const challenge = await generateCodeChallenge(verifier)

Step 2: Redirect to Authorization Endpoint

https://id.bridgeintelligence.ltd/api/v1/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  scope=openid email profile&
  state=RANDOM_STATE&
  code_challenge=CHALLENGE&
  code_challenge_method=S256

Step 3: Exchange Code for Token

After the user authorizes, they'll be redirected back to your redirect_uri with a code parameter. Exchange it for tokens:

curl -X POST https://id.bridgeintelligence.ltd/api/v1/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code&code=AUTH_CODE&redirect_uri=YOUR_REDIRECT_URI&client_id=YOUR_CLIENT_ID&code_verifier=VERIFIER"

You'll receive an access token, refresh token, and ID token in the response.
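
The three steps above as one client-side sketch. This is an added example, not Bridge's own code: the bodies of generateCodeVerifier and generateCodeChallenge are assumed implementations of RFC 7636 S256, and buildAuthorizeUrl and buildTokenRequestBody are hypothetical helper names. It builds the Step 2 URL and the Step 3 form body without sending anything, and it refuses a callback whose state does not match the one issued.

```javascript
// Added example, not Bridge's own code. Node.js 16+; makes no network calls.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');
const AUTHORIZE_URL = 'https://id.bridgeintelligence.ltd/api/v1/authorize'; // from the page

// 32 random bytes give a 43-character base64url verifier (RFC 7636 allows 43-128).
function generateCodeVerifier() {
  return randomBytes(32).toString('base64url');
}

// S256: challenge = BASE64URL(SHA-256(ASCII(verifier))), without padding.
function generateCodeChallenge(verifier) {
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(verifier)) {
    throw new Error('code_verifier must be 43-128 unreserved characters');
  }
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Step 2 (hypothetical helper). URLSearchParams encodes redirect_uri and the
// spaces in scope. Keep verifier and state in the user's session until the callback.
function buildAuthorizeUrl({ clientId, redirectUri, scope = 'openid email profile' }) {
  const verifier = generateCodeVerifier();
  const state = randomBytes(16).toString('base64url');
  const params = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri,
    scope, state,
    code_challenge: generateCodeChallenge(verifier),
    code_challenge_method: 'S256',
  });
  return { url: `${AUTHORIZE_URL}?${params}`, verifier, state };
}

// Step 3 (hypothetical helper). Refuse the callback unless state matches what
// this session issued, then build the form body for the token request.
function buildTokenRequestBody(callbackUrl, session, { clientId, redirectUri }) {
  const query = new URL(callbackUrl).searchParams;
  const got = Buffer.from(query.get('state') || '');
  const want = Buffer.from(session.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = query.get('code');
  if (!code) throw new Error('callback has no code parameter');
  return new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: redirectUri,
    client_id: clientId, code_verifier: session.verifier,
  }).toString();
}
```

The returned body is what the curl command in Step 3 passes with -d; the verifier never appears in the Step 2 URL, only its SHA-256 challenge.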

Best Practices

  • Never commit API keys to source control
  • Rotate keys regularly — at least every 90 days
  • Use environment variables for storing credentials
  • Limit key scope to the minimum permissions needed
  • Use OAuth for user-facing apps, not API keys
  • Store refresh tokens securely — they have long lifetimes
Last updated: April 10, 2026