search
WebsiteConsole

Authentication

hashtag
Segmind Cloud Authentication Documentation

hashtag
Overview

This document details the authentication methods supported by Segmind Platform:

  • OAuth 2.0 social login (Google, Microsoft, Discord)

  • Bearer token authentication using JWT

  • API key authentication for server-to-server communication

Social logins provide a seamless and secure authentication experience by leveraging existing accounts from trusted providers, eliminating the need for users to create and remember additional credentials.

JSON Web Tokens (JWT) are compact, URL-safe tokens that enable secure information transmission between parties, containing encoded JSON payloads that can include user data and permissions.

hashtag
OAuth Authentication

hashtag
Supported Providers and Scopes

Provider
Required Scopes

Google

email, profile

Microsoft

user.read, profile, email

Discord

identify, email, guilds

hashtag

hashtag
OAuth Login Process

  1. Redirect users to our OAuth login page:

  1. Users will be redirected to the selected provider's login page. After successful authentication, they'll be returned to:

  1. Upon successful authentication, you'll receive:

The access token thus generated is automatically stored in an HTTP-only secure cookie with a 30-day expiration period. This cookie is used for subsequent API requests and authentication verification.

hashtag
Bearer Token Authentication

hashtag
Using Bearer Tokens

Include the JWT token in your API requests using the Authorization header:

hashtag
Token Format

Our JWTs include:

  • jti: Unique identifier for the JWT

  • exp: Token expiration timestamp

  • iat: Token issue timestamp

  • nbf: Token not valid before timestamp

  • identity: Email of the token user

hashtag
Token Renewal

To refresh an expired access token:

hashtag
API Key Authentication

hashtag
Overview

API keys provide server-to-server authentication for automated workflows. Include them in the x-api-key request header.

hashtag
API Key Format

  • Format: 32-character alphanumeric string

  • Prefix: SG_ for all API keys

  • Example: SG_3ec0a235721add59

hashtag
Using API Keys

Include the API key in your requests:

hashtag
API Key Management

Generate a new API key:

Revoke an API key:

hashtag
Security Guidelines

hashtag
Token Lifecycle

  • Access tokens expire after 1 hour

  • Refresh tokens expire after 30 days

  • API keys don't expire but should be rotated regularly

hashtag
Rate Limits

  • Authentication endpoints: 5 requests/minute per IP

  • Token refresh: 10 requests/hour per user

  • API endpoints: Varies by subscription tier

hashtag
Best Practices while using the platform

  1. Secure Storage

    • Never expose API keys in client-side code

    • Use environment variables for key storage

    • Rotate API keys periodically

  2. Error Handling

    • Implement retry logic with exponential backoff

    • Handle token expiration gracefully

    • Monitor for suspicious activity on your token/keys in usagearrow-up-right on console.

hashtag
Error Responses

Common authentication errors:

Status Code
Error
Description

401

invalid_token

Token is invalid or expired

401

invalid_api_key

API key is invalid

403

insufficient_scope

Token lacks required permissions

429

rate_limit_exceeded

Too many requests

hashtag
Code Examples

hashtag
Python

hashtag
Node.js

hashtag
Support

For authentication issues or questions:

  • Email: [email protected]

  • Documentation: https://docs.segmind.com

  • Status page: https://status.segmind.com

PreviousSupportNextPricing and Billing

Last updated