The Credentials Portal API supports two authentication methods: session tokens (for user sessions) and API keys (for programmatic integrations).

API keys are long-lived credentials designed for server-to-server integrations. Create and manage them from Settings → API Keys in the app (admin access required).

API keys use the prefix ck_ followed by a random string:
ck_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Using an API key

Include the key as a Bearer token in the Authorization header:
Authorization: Bearer ck_your_api_key_here

API key scopes

Each key is created with specific scopes that limit what it can do:
| Scope | Access |
| --- | --- |
| read:people | List and get people |
| write:people | Create and update people |
| read:interviews | List and get interviews |
| write:interviews | Create and update interviews |

Store API keys securely. They grant access to your district’s data. Revoke any key that may have been compromised from Settings → API Keys.
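
A check for keys that have leaked into configuration files or logs, as an added example that is not part of the Credentials Portal documentation or product. It assumes keys match the sample format shown above (ck_ followed by at least 20 letters or digits); the function names and sample input are constructed for illustration.

```python
import re

# Assumption: real keys resemble the sample on this page, "ck_" followed by
# 20 or more letters/digits. Tune the length bound to the actual key format.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])ck_[A-Za-z0-9]{20,}(?![A-Za-z0-9])")


def redact(key):
    """Keep the prefix and last 4 characters so a finding can be matched to
    a key under Settings -> API Keys without re-exposing the secret."""
    return key[:3] + "*" * (len(key) - 7) + key[-4:]


def scan(text, source="<input>"):
    """Return (source, line_number, redacted_key) for each candidate key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((source, lineno, redact(match.group(0))))
    return findings


def scrub(text):
    """Replace every candidate key in text (for example a log line)."""
    return KEY_RE.sub(lambda m: redact(m.group(0)), text)


# Constructed sample: a config file and a log line that contain the example
# key printed on this page (not a live credential).
SAMPLE = """\
API_BASE=https://app.credentialsportal.com
API_KEY=ck_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# usage: Authorization: Bearer ck_your_api_key_here
2024-01-01 12:00:00 sent header Authorization: Bearer ck_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
"""

if __name__ == "__main__":
    for src, lineno, masked in scan(SAMPLE, "sample.env"):
        print(f"{src}:{lineno}: possible API key {masked}")
```

Run `scan` over repository files before commit and `scrub` over log output before it is shipped; any finding on a real key means that key should be revoked.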

Session tokens (for user-facing apps)

Session tokens are issued after a user completes email verification. They expire after 30 days.

Request a login code

curl -X POST https://app.credentialsportal.com/api/auth/request \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'
Response:
{
  "ok": true,
  "message": "Check your email"
}

Verify the code

curl -X POST https://app.credentialsportal.com/api/auth/verify \
  -H "Content-Type: application/json" \
  -d '{"code": "123456"}'
Response:
{
  "ok": true,
  "token": "your_session_token_here",
  "person": {
    "id": "abc12",
    "first": "Jane",
    "last": "Doe",
    "email": "user@example.com",
    "language": "en",
    "roles": { "1a": 1 },
    "district_id": "xyz99"
  },
  "district": {
    "id": "xyz99",
    "name": { "en": "My District" },
    "accent": "#6e5dec",
    "languages": ["en"],
    "billing_plan": "pro"
  }
}
Users clicking the magic link in their email hit:
GET /api/auth/verify/:token
This returns the same response as code verification.

Sign out

curl -X POST https://app.credentialsportal.com/api/auth/logout \
  -H "Authorization: Bearer your_session_token"
Response:
{ "ok": true }

Token TTLs

| Token type | Lifetime |
| --- | --- |
| Session token | 30 days |
| Login code | 10 minutes |
| Magic link | 30 minutes |
| API key | Does not expire (until revoked) |

Get the current user

curl https://app.credentialsportal.com/api/me \
  -H "Authorization: Bearer your_token"
Response:
{
  "person": {
    "id": "abc12",
    "first": "Jane",
    "last": "Doe",
    "email": "user@example.com",
    "language": "en",
    "roles": { "1a": 1 },
    "district_id": "xyz99"
  },
  "districtId": "xyz99"
}