Authentication
This document details the authentication methods supported by Segmind Platform:
- OAuth 2.0 social login (Google, Microsoft, Discord)
- Bearer token authentication using JWT
- API key authentication for server-to-server communication
Social logins provide a seamless and secure authentication experience by leveraging existing accounts from trusted providers, eliminating the need for users to create and remember additional credentials.
JSON Web Tokens (JWT) are compact, URL-safe tokens that enable secure information transmission between parties, containing encoded JSON payloads that can include user data and permissions.
Provider | Required Scopes |
---|---|
Google | email, profile |
Microsoft | user.read, profile, email |
Discord | identify, email, guilds |

Redirect users to our OAuth login page:
Users will be redirected to the selected provider's login page. After successful authentication, they'll be returned to:
Upon successful authentication, you'll receive:
The access token thus generated is automatically stored in an HTTP-only secure cookie with a 30-day expiration period. This cookie is used for subsequent API requests and authentication verification.
Include the JWT token in your API requests using the Authorization header:
Our JWTs include:
- `jti`: Unique identifier for the JWT
- `exp`: Token expiration timestamp
- `iat`: Token issue timestamp
- `nbf`: Token not valid before timestamp
- `identity`: Email of the token user
To refresh an expired access token:
API keys provide server-to-server authentication for automated workflows. Include them in the `x-api-key` request header.
- Format: 32-character alphanumeric string
- Prefix: `SG_` for all API keys
- Example: `SG_3ec0a235721add59`
Include the API key in your requests:
Generate a new API key:
Revoke an API key:
- Access tokens expire after 1 hour
- Refresh tokens expire after 30 days
- API keys don't expire but should be rotated regularly

- Authentication endpoints: 5 requests/minute per IP
- Token refresh: 10 requests/hour per user
- API endpoints: Varies by subscription tier
Secure Storage
- Never expose API keys in client-side code
- Use environment variables for key storage
- Rotate API keys periodically
Error Handling
- Implement retry logic with exponential backoff
- Handle token expiration gracefully
- Monitor your token and API key usage in the console for suspicious activity
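The client-side handling described in the JWT claims, API key and Error Handling sections above, as an added example that is not Segmind's own code: it reads `exp`/`nbf` from a token so a near-expired token is refreshed before the request, builds the `x-api-key` or `Authorization: Bearer` header, and maps the documented error codes to refresh/backoff/abort actions. The `make_test_jwt` helper, the 30-second leeway and the action names are assumptions of this example; no signature is verified client-side.

```python
import base64
import json

API_KEY_PREFIX = "SG_"  # documented prefix shared by all Segmind API keys

def _b64url_decode(segment):
    # Restore the padding that JWT segments strip.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_payload(token):
    # Payload claims only (jti, exp, iat, nbf, identity); the server verifies
    # the signature on every request, so it is not checked client-side.
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))

def token_is_usable(token, now, leeway=30):
    # nbf <= now < exp - leeway: refresh a token that is about to expire
    # before the request instead of after a 401 invalid_token.
    claims = jwt_payload(token)
    return claims.get("nbf", 0) <= now < claims["exp"] - leeway

def auth_headers(jwt=None, api_key=None):
    # x-api-key for server-to-server calls, Bearer for a user's access token.
    if api_key is not None:
        if not api_key.startswith(API_KEY_PREFIX):
            raise ValueError("not a Segmind API key: expected SG_ prefix")
        return {"x-api-key": api_key}
    if jwt is None:
        raise ValueError("either a JWT or an API key is required")
    return {"Authorization": "Bearer " + jwt}

def backoff_delay(attempt, base=1.0, cap=30.0):
    # Exponential backoff for 429s: 1, 2, 4, 8 ... seconds, capped.
    return min(cap, base * 2 ** attempt)

# Client action per documented (status, error) pair; action names are assumed.
ERROR_ACTIONS = {
    (401, "invalid_token"): "refresh",       # refresh access token, retry once
    (401, "invalid_api_key"): "abort",       # revoked or mistyped key: stop
    (403, "insufficient_scope"): "abort",
    (429, "rate_limit_exceeded"): "backoff",
}

def next_action(status, error):
    return ERROR_ACTIONS.get((status, error), "abort")

def make_test_jwt(claims):
    # Constructed, unsigned sample token for offline tests (placeholder signature).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "sig"])
```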
Common authentication errors:

Status Code | Error | Description |
---|---|---|
401 | invalid_token | Token is invalid or expired |
401 | invalid_api_key | API key is invalid |
403 | insufficient_scope | Token lacks required permissions |
429 | rate_limit_exceeded | Too many requests |

For authentication issues or questions:
- Email: support@segmind.com
- Documentation: https://docs.segmind.com
- Status page: https://status.segmind.com