Authentication

Synjar uses JWT bearer token authentication for API access.

Getting an API key

Log in to Synjar
Go to Settings > API Keys
Click Create API Key
Copy and securely store the key

warning

API keys are shown only once. Store them securely - you can't retrieve them later.

Using the API key

Include the key in the Authorization header:

curl -X GET "https://api.synjar.com/v1/workspaces" \
  -H "Authorization: Bearer YOUR_API_KEY"

Authentication methods

API keys (recommended for integrations)

Long-lived keys for server-to-server communication.

Never expire (until revoked)
Tied to user who created them
Workspace scoped - access same workspaces as user

Session tokens (for web apps)

Short-lived tokens from login endpoint.

curl -X POST "https://api.synjar.com/v1/auth/login" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "password": "your-password"}'

Response:

{
  "accessToken": "eyJ...",
  "refreshToken": "eyJ...",
  "expiresIn": 900
}

Access token: 15 minutes
Refresh token: 7 days

Refreshing tokens

curl -X POST "https://api.synjar.com/v1/auth/refresh" \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "eyJ..."}'

Error responses

Status	Error	Meaning
401	`UNAUTHORIZED`	Invalid or missing token
401	`TOKEN_EXPIRED`	Token has expired
403	`FORBIDDEN`	Valid token, insufficient permissions

Security best practices

DO

Store API keys in environment variables
Use HTTPS for all requests
Rotate keys periodically
Revoke unused keys

DON'T

Commit API keys to source control
Share keys between applications
Use keys in client-side code
Log full API keys

Example implementations

JavaScript/Node.js

const apiKey = process.env.SYNJAR_API_KEY;

const response = await fetch('https://api.synjar.com/v1/workspaces', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
  },
});

const workspaces = await response.json();

Python

import os
import requests

api_key = os.environ['SYNJAR_API_KEY']

response = requests.get(
    'https://api.synjar.com/v1/workspaces',
    headers={'Authorization': f'Bearer {api_key}'}
)

workspaces = response.json()

cURL

export SYNJAR_API_KEY="your-key"

curl "https://api.synjar.com/v1/workspaces" \
  -H "Authorization: Bearer $SYNJAR_API_KEY"

Getting an API key​

Using the API key​

Authentication methods​

API keys (recommended for integrations)​

Session tokens (for web apps)​

Refreshing tokens​

Error responses​

Security best practices​

DO​

DON'T​

Example implementations​

JavaScript/Node.js​

Python​

cURL​

See also​