Authentication

Our REST API enables your backend services to send us information we need to implement Cord, such as the identities of your users and organizations


All REST API requests must include a valid server auth token in the HTTP headers: Authorization: Bearer <SERVER_AUTH_TOKEN>.

A diagram of how app_id and secret are used to create a JWT for authenticating with Cord servers

To generate auth tokens, you'll need your app ID and secret, which you can get from the Cord console.

Never share your secret with anyone or include it in client code.

If your backend uses Node.js, Go, or Java, use our server libraries to generate server auth tokens.

Otherwise, please see our in-depth guide to authentication to learn how to generate server auth tokens.