Authentication
API authentication and token management
ABS Core uses Personal Access Tokens (PATs) for API authentication. Tokens are scoped by role.
Getting a Token
ABS Core Enterprise uses a "White Glove" onboarding process. Your API tokens are issued securely by your account manager and sent via encrypted email.
If you need to rotate a token or request a new one for a specific environment (e.g., Staging vs Production), please submit a request to [email protected].
Self-service token generation via the Dashboard is disabled for Enterprise clients to ensure strict access control.
Using Tokens
Include your PAT in every API request:
Native HTTP (cURL)
```bash
curl -X POST https://api.abscore.app/v1/events/query \
  -H "Authorization: Bearer abs_pat_7f2b9a...1c3e8" \
  -H "Content-Type: application/json" \
  -d '{"limit": 100}'
```
Next.js / Node Environment
```javascript
// For secure Edge or Server Actions in Next.js
export async function getEvents() {
  const response = await fetch('https://api.abscore.app/v1/events/query', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${process.env.ABS_PAT_TOKEN}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ limit: 10 })
  });
  if (!response.ok) {
    if (response.status === 401) throw new Error("Invalid PAT token or expired.");
    if (response.status === 403) throw new Error("PAT lacks required scopes.");
    throw new Error(`API Error: ${response.statusText}`);
  }
  return response.json();
}
```
Python / FastAPI Environment
```python
import os

import httpx


async def fetch_governance_events():
    url = "https://api.abscore.app/v1/events/query"
    headers = {
        # Raises KeyError if the token is unset instead of sending "Bearer None"
        "Authorization": f"Bearer {os.environ['ABS_PAT_TOKEN']}",
        "Content-Type": "application/json",
    }
    async with httpx.AsyncClient() as client:
        response = await client.post(url, headers=headers, json={"limit": 50})
        # Handle rate limits cleanly: report the back-off and let the caller retry
        if response.status_code == 429:
            retry_after = response.headers.get("retry-after", 60)
            print(f"Rate limited. Backing off for {retry_after}s")
            return None
        response.raise_for_status()
        return response.json()
```
Token Scopes
| Role | Scope | Permissions |
|---|---|---|
| admin | runtime:read runtime:write admin:manage | Full access + user management |
| operator | runtime:read runtime:write | Send events, use proxy |
| viewer | runtime:read | Read-only dashboard access |
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /auth/github | Start GitHub OAuth flow |
| GET | /auth/github/callback | OAuth callback (internal) |
| POST | /login | Email/password login |
| POST | /token | Generate PAT |
| GET | /verify | Verify token validity |
| GET | /me | Get current user profile |
| POST | /logout | End session |
| GET | /health | Service health check |
Verify Token
```bash
curl https://auth.abscore.app/verify \
  -H "Authorization: Bearer abs_pat_7f2b9a...1c3e8"
```
Response:
```json
{
  "active": true,
  "type": "pat",
  "userId": "usr_9kx2p5v6",
  "email": "[email protected]",
  "role": "operator",
  "scope": "runtime:read runtime:write"
}
```
Current User
```bash
curl https://auth.abscore.app/me \
  -H "Authorization: Bearer SESSION_TOKEN"
```
Response:
```json
{
  "id": "usr_k8m2n4q1",
  "email": "[email protected]",
  "name": "Rodrigo Gomes",
  "avatar": "https://avatars.githubusercontent.com/u/741852",
  "role": "admin",
  "provider": "github"
}
```
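A startup check built on the `/verify` response and the Token Scopes table above, as an added example that is not ABS Core's own code: it flags an inactive token, missing scopes, scopes beyond what the job needs, and a scope string that disagrees with the documented role. The function name, the `required` parameter and the sample values are assumptions.

```python
import json

# Role-to-scope mapping copied from the Token Scopes table on this page.
ROLE_SCOPES = {
    "admin": {"runtime:read", "runtime:write", "admin:manage"},
    "operator": {"runtime:read", "runtime:write"},
    "viewer": {"runtime:read"},
}


def audit_verify_response(body: dict, required: set[str]) -> list[str]:
    """Return a list of findings; an empty list means the token fits the job."""
    findings = []
    if body.get("active") is not True:
        findings.append("token is not active")
    if body.get("type") != "pat":
        findings.append(f"unexpected token type: {body.get('type')!r}")

    # The scope field is a space-delimited string, as in the sample response.
    granted = set(str(body.get("scope") or "").split())
    missing = required - granted
    if missing:
        findings.append("missing scopes: " + " ".join(sorted(missing)))
    excess = granted - required
    if excess:
        findings.append("excess scopes (least privilege): " + " ".join(sorted(excess)))

    # Cross-check the reported role against the documented table.
    expected = ROLE_SCOPES.get(body.get("role"))
    if expected is None:
        findings.append(f"unknown role: {body.get('role')!r}")
    elif granted != expected:
        findings.append("scope does not match documented scopes for role")
    return findings


# Constructed sample input, modelled on the /verify response shown on this page.
SAMPLE = json.loads("""
{"active": true, "type": "pat", "userId": "usr_example",
 "email": "user@example.com", "role": "operator",
 "scope": "runtime:read runtime:write"}
""")

if __name__ == "__main__":
    # A read-only reporting job (hypothetical) needs runtime:read only.
    for finding in audit_verify_response(SAMPLE, {"runtime:read"}):
        print("FINDING:", finding)
```

Run it once at service start with the parsed body of `GET /verify` and refuse to start when the list is non-empty.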