Skip to main content

Authentication

Gumnut supports multiple authentication methods to suit different use cases. Choose the method that best fits your application.

Authentication Methods

API Keys

API keys provide simple, direct authentication for server-side applications. They’re ideal for scripts, automation, CI/CD pipelines, and backend services. API keys use the format apikey_... and are passed as Bearer tokens in the Authorization header. Learn more about API Keys →

OAuth 2.1

Gumnut implements OAuth 2.1 for secure, user-facing authentication. OAuth is ideal for web applications, mobile apps, and third-party integrations that need to act on behalf of a user. OAuth supports granular scopes to control access to specific resources. Learn more about OAuth →

Session Tokens

For web applications, session tokens are automatically managed through cookies. This is used internally by Gumnut’s web interface.

Choosing a Method

MethodBest forSetup
API KeysServer-side apps, scripts, automationCreate in Dashboard
OAuth 2.1User-facing apps, third-party integrationsRegister OAuth application
Session TokensWeb applicationsAutomatic via cookies

Security

  • All API requests must use HTTPS. HTTP requests will be rejected.
  • Authentication does not bypass rate limits. See Rate Limiting for current limits.