Skip to content

Authentication

Current MVP

API key-based authentication is available from Phase 3. OAuth2 with JWT and RBAC are added in Phase 4.

Authentication Methods

API Key (Developer API)

Include your API key in every request via the X-API-Key header:

curl -H "X-API-Key: YOUR_API_KEY" \
     https://api.finsight.dev/v1/companies

JWT (Dashboard / Session)

Planned Architecture (Future Phases)

JWT-based session auth for the web dashboard is implemented in Phase 4.

Obtaining an API Key

Role-Based Access Control (RBAC)

Planned Architecture (Future Phases)

RBAC with Keycloak or Auth0 is implemented in Phase 4.

Role Access Level
anonymous Public landing page only
free Basic company metrics, limited API
paid Full dashboard, deep analytics, full API
admin All resources + user management

Token Expiry and Refresh

Security Best Practices