Authentication

Secure your API integrations with proper authentication.

API Keys

Creating an API Key

1. 1.Go to Settings > API Keys
2. 2.Click Create API Key
3. 3.Enter a name (e.g., "Production Integration")
4. 4.Select permissions
5. 5.Click Create
6. 6.Copy the key immediately (shown once only)

API Key Permissions

Choose what the key can access:

• •Read Claims - View claim data
• •Write Claims - Create/update claims
• •Read Orders - Access order information
• •Read Analytics - View reports
• •Full Access - All permissions

Using API Keys

Include in request header:

Authorization: Bearer sk_live_abc123...

Or as query parameter (not recommended):

?api_key=sk_live_abc123...

OAuth 2.0 (Enterprise)

For user-level authentication:

Authorization Flow

1. 1.Redirect user to:

https://app.claimport.io/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  response_type=code&
  scope=claims:read claims:write

1. 1.User authorizes your app
2. 2.Receive authorization code
3. 3.Exchange for access token:

POST https://api.claimport.io/oauth/token
{
  "grant_type": "authorization_code",
  "code": "AUTHORIZATION_CODE",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}

Using Access Tokens

Authorization: Bearer ACCESS_TOKEN

Refreshing Tokens

Access tokens expire after 1 hour:

POST https://api.claimport.io/oauth/token
{
  "grant_type": "refresh_token",
  "refresh_token": "REFRESH_TOKEN",
  "client_id": "YOUR_CLIENT_ID"
}

Security Best Practices

1. 1.Never expose keys in client-side code
2. 2.Use environment variables for storage
3. 3.Rotate keys regularly - Every 90 days recommended
4. 4.Use minimum permissions - Only what's needed
5. 5.Monitor usage - Watch for unusual activity
6. 6.Use HTTPS only - Never send keys over HTTP