Skip to main content

Authentication

Overview

The Corgea API uses API key authentication to secure access to all endpoints. Authentication is done via a custom header that must be included with every API request.

Authentication Method

API Key Header

All API requests require authentication using the CORGEA-TOKEN header:
  • Header Name: CORGEA-TOKEN
  • Type: API Key
  • Location: Request Header
  • Required: Yes (for all endpoints)

Getting Your API Token

You can obtain your API token from the Corgea web application:
  1. Log in to your Corgea account at https://www.corgea.app
  2. Navigate to Settings → API Keys
  3. Generate a new API key or copy an existing one
  4. Store it securely - treat it like a password
Never share your API token or commit it to version control. Use environment variables or secure secret management systems to store your tokens.

Making Authenticated Requests

Include your API token in the CORGEA-TOKEN header with every request: 
curl -X GET "https://www.corgea.app/api/v1/verify" \
  -H "CORGEA-TOKEN: your_api_token_here"

Verify Token

Endpoint

Verify the validity of your API token and optionally retrieve user information.
  • URL: https://www.corgea.app/api/v1/verify
  • Method: GET
  • Authentication: Required (CORGEA-TOKEN header)

Query Parameters

NameTypeRequiredDefaultDescription
user_infobooleanNofalseWhether to include user information in response

Request Examples

curl -X GET "https://www.corgea.app/api/v1/verify" \
  -H "CORGEA-TOKEN: your_api_token_here"

Response Examples

{
  "status": "ok"
}

Response Codes

Status CodeDescription
200Token is valid
401Invalid or missing authentication token

Common Authentication Errors

Missing Token

If you don’t include the CORGEA-TOKEN header, you’ll receive a 401 Unauthorized response: 
{
  "status": "error"
}

Invalid Token

If your token is invalid or expired, you’ll receive a 401 Unauthorized response: 
{
  "status": "error"
}

Best Practices

Secure Storage

Store API tokens in environment variables or secure secret management systems, never in code.

Token Rotation

Regularly rotate your API tokens to maintain security.

Least Privilege

Create separate tokens for different applications or environments.

Monitor Usage

Regularly review API token usage and revoke unused tokens.

Testing Your Token

Use the verify endpoint to test your token before making other API calls: 
curl -X GET "https://www.corgea.app/api/v1/verify?user_info=true" \
  -H "CORGEA-TOKEN: your_api_token_here"
If successful, you’ll see your user information, confirming that:
  • ✅ Your token is valid
  • ✅ Your token is properly formatted in the header
  • ✅ You can proceed with other API requests