Pular para o conteúdo
Integrações Inteligentes

Authentication

The Integrações Inteligentes API uses JWT (JSON Web Token) for stateless, secure authentication. All API requests require a valid bearer token.

Authentication Mechanism

Include your JWT token in the Authorization header of every API request:

Authorization: Bearer <your-jwt-token>

Example Request:

Terminal window
curl -X GET https://api.integracoesinteligentes.com/v1/installations \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Token Management

[!IMPORTANT] Tokens are generated and managed exclusively through the Dashboard. The API does not provide token generation endpoints.

To generate a new token:

  1. Access app.integracoesinteligentes.com
  2. Navigate to Configurações > API Keys
  3. Click Generate New Token
  4. Store the token securely—it will only be displayed once

[!CAUTION] Security Critical: Treat JWT tokens as credentials with full administrative access.

  • Never commit tokens to version control
  • Never expose tokens in client-side code (browsers, mobile apps)
  • Rotate tokens immediately if compromise is suspected
  • Use environment variables or secret management systems in production

Token Capabilities

JWT tokens provide administrative access to the platform API with the following permissions:

CapabilityDescription
Driver ManagementEnable or disable specific drivers for your account
Installation ManagementCreate new installations, update configurations, disable connections
Event HistoryQuery past events and webhook delivery logs (retention period per contract)
Webhook ConfigurationConfigure delivery endpoints and retry policies

Security Restrictions

The following operations are explicitly prohibited via JWT tokens to maintain security boundaries:

1. Dashboard Authentication

JWT tokens are designed for machine-to-machine communication only. They cannot be used to:

  • Authenticate user sessions in the Dashboard web interface
  • Access the Dashboard UI on behalf of a user

Rationale: Separating API credentials from user authentication prevents token leakage from compromising user accounts.

2. Token Generation

A JWT token cannot generate additional tokens via the API.

Rationale: This prevents a single compromised token from creating an unlimited number of derivative credentials, limiting the blast radius of a security incident.