Authentication

You'll need to authenticate your requests to access the IMMUNE API endpoints. In this guide, we'll look at how authentication works. IMMUNE offers two ways to authenticate your API requests: API key authentication and OAuth2 with bearer tokens — OAuth2 is recommended for production environments.

API Key authentication

For quick testing and development, you can use API key authentication. Each request should include your API key in the Authorization header:

curl https://api.immune.dev/v1/sensors \
  -H "Authorization: ApiKey your-api-key"

OAuth2 with bearer token

The recommended way to authenticate with the IMMUNE API in production is using OAuth2. When establishing a connection using OAuth2, you will need your access token — you will find it in the IMMUNE dashboard under API settings. Here's how to add the token to the request header:

curl https://api.immune.dev/v1/sensors \
  -H "Authorization: Bearer {token}"

Obtaining an access token

To get an access token:

1. Register your application in the IMMUNE dashboard
2. Configure your OAuth2 credentials
3. Use the OAuth2 flow to obtain an access token

curl -X POST https://auth.immune.dev/oauth/token \
  -d "grant_type=client_credentials" \
  -d "client_id=your-client-id" \
  -d "client_secret=your-client-secret"

Using an SDK

If you use one of our official SDKs, authentication is handled automatically. Simply initialize the client with your credentials:

import { ImmuneClient } from '@immune/api'

// Using API key
const client = new ImmuneClient('your-api-key')

// Using OAuth2
const client = new ImmuneClient({
  clientId: 'your-client-id',
  clientSecret: 'your-client-secret'
})

Security best practices

When integrating with IMMUNE, follow these security guidelines:

1. Use OAuth2 in production environments
2. Rotate your credentials regularly
3. Use environment variables to store sensitive credentials
4. Implement proper token management and refresh flows
5. Monitor API usage through the dashboard