Authentication
Segmind Cloud Authentication Documentation
Overview
This document details the authentication methods supported by the Segmind Platform:
OAuth 2.0 social login (Google, Microsoft, Discord)
Bearer token authentication using JWT
API key authentication for server-to-server communication
Social logins provide a seamless and secure authentication experience by leveraging existing accounts from trusted providers, eliminating the need for users to create and remember additional credentials.
JSON Web Tokens (JWT) are compact, URL-safe tokens that enable secure information transmission between parties, containing encoded JSON payloads that can include user data and permissions.
OAuth Authentication
Supported Providers and Scopes
Google: email, profile
Microsoft: user.read, profile, email
Discord: identify, email, guilds
OAuth Login Process
Redirect users to our OAuth login page:
Users will be redirected to the selected provider's login page. After successful authentication, they'll be returned to:
Upon successful authentication, you'll receive:
The access token thus generated is automatically stored in an HTTP-only secure cookie with a 30-day expiration period. This cookie is used for subsequent API requests and authentication verification.
Bearer Token Authentication
Using Bearer Tokens
Include the JWT token in your API requests using the Authorization header:
Token Format
Our JWTs include:
jti: Unique identifier for the JWT
exp: Token expiration timestamp
iat: Token issue timestamp
nbf: Token not valid before timestamp
identity: Email of the token user
Token Renewal
To refresh an expired access token:
API Key Authentication
Overview
API keys provide server-to-server authentication for automated workflows. Include them in the x-api-key request header.
API Key Format
Format: 32-character alphanumeric string
Prefix: SG_ for all API keys
Example: SG_3ec0a235721add59
Using API Keys
Include the API key in your requests:
API Key Management
Generate a new API key:
Revoke an API key:
Security Guidelines
Token Lifecycle
Access tokens expire after 1 hour
Refresh tokens expire after 30 days
API keys don't expire but should be rotated regularly
Rate Limits
Authentication endpoints: 5 requests/minute per IP
Token refresh: 10 requests/hour per user
API endpoints: Varies by subscription tier
Best Practices while using the platform
Secure Storage
Never expose API keys in client-side code
Use environment variables for key storage
Rotate API keys periodically
Error Handling
Implement retry logic with exponential backoff
Handle token expiration gracefully
Monitor the usage view in the console for suspicious activity on your tokens and keys.
Error Responses
Common authentication errors:
401 invalid_token: Token is invalid or expired
401 invalid_api_key: API key is invalid
403 insufficient_scope: Token lacks required permissions
429 rate_limit_exceeded: Too many requests
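The error table and the retry and key-storage guidance above, combined in an added Python example (not Segmind's own client code): only rate limiting is retried with backoff, an expired token is refreshed once, and rejected credentials fail immediately so a bad key does not burn through the authentication rate limits. The `SEGMIND_API_KEY` variable name and the `send`/`refresh` callables are assumptions; `send` wraps your HTTP call and returns `(status, error_code, body)`.

```python
import os
import random
import time

API_KEY_ENV = "SEGMIND_API_KEY"  # assumed variable name, not from the docs


def api_key_headers(env=os.environ):
    """Build the x-api-key header from the environment, never from source code."""
    key = env.get(API_KEY_ENV, "")
    if not key.startswith("SG_"):
        # Report the variable name only; never echo the key itself into logs.
        raise RuntimeError(f"{API_KEY_ENV} is unset or lacks the SG_ prefix")
    return {"x-api-key": key}


def backoff_delay(attempt, base=1.0, cap=60.0, jitter=random.random):
    """Exponential backoff with full jitter: up to min(cap, base * 2**attempt)."""
    return min(cap, base * 2 ** attempt) * jitter()


def call_with_policy(send, refresh=None, max_attempts=5, sleep=time.sleep):
    """Call send() and apply the error table: back off on 429, refresh once on
    an expired token, and fail fast on every other authentication error."""
    refreshed = False
    for attempt in range(max_attempts):
        status, code, body = send()
        if status < 400:
            return body
        if status == 429:  # rate_limit_exceeded: wait, then retry
            sleep(backoff_delay(attempt))
            continue
        if status == 401 and code == "invalid_token" and refresh and not refreshed:
            refresh()  # renew once; a second 401 means the refresh did not help
            refreshed = True
            continue
        # invalid_api_key, insufficient_scope, repeated invalid_token:
        # retrying cannot succeed and only consumes the rate limit.
        raise PermissionError(f"{status} {code}")
    raise TimeoutError("rate limited on every attempt")
```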
Code Examples
Python
Node.js
Support
For authentication issues or questions:
Email: support@segmind.com
Documentation: https://docs.segmind.com
Status page: https://status.segmind.com