Quiltt uses two authentication scopes: Environment-level for administrative operations, and Profile-level for user-specific data access.
Use Environment scope for administrative operations: issuing Session tokens, managing Profiles, ACH Account Numbers, and Processor Tokens.
Server-side only. Never expose your API Key in client-side code or version control.
Pass your API Key as a Bearer token:
Use Profile scope to access an individual Profile's financial data via GraphQL or pre-authenticate the Connector.
Issue Session tokens server-side, then use them client-side for GraphQL queries or Connector authentication.
Properties:
Cache tokens client-side and revoke on logout to avoid hitting rate limits. See Issuing Session Tokens for implementation.
For server-to-server Profile access without Session token rate limits, use Basic Auth with Base64-encoded profileId:API_KEY_SECRET:
Examples:
Server-side only. Never expose your API Key in client-side code or version control.
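The Bearer and Basic Auth headers described above, built server-side in Node.js. This is an added example, not code from the Quiltt documentation; the environment variable name QUILTT_API_KEY_SECRET, the function names and the sample values are assumptions.

```javascript
// Added example. QUILTT_API_KEY_SECRET and every function name are assumptions.

// Load the API Key from the server environment; refuse to run in a browser.
function loadApiKey(env = process.env) {
  if (typeof window !== 'undefined') {
    throw new Error('API Key must not be loaded in client-side code');
  }
  const key = env.QUILTT_API_KEY_SECRET;
  if (!key) throw new Error('QUILTT_API_KEY_SECRET is not set');
  return key;
}

// Environment scope: the API Key itself is the Bearer token.
function environmentAuthHeader(apiKey) {
  return `Bearer ${apiKey}`;
}

// Profile scope, server-to-server: Basic base64("profileId:API_KEY_SECRET").
function profileBasicAuthHeader(profileId, apiKey) {
  // RFC 7617: the user-id part cannot contain ':' because the first colon
  // separates it from the password.
  if (!profileId || profileId.includes(':')) {
    throw new Error('profileId must be non-empty and contain no ":"');
  }
  const pair = `${profileId}:${apiKey}`;
  return `Basic ${Buffer.from(pair, 'utf8').toString('base64')}`;
}

// Copy of a headers object that is safe to log: keeps the scheme, drops the credential.
function redactAuthorization(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'authorization') {
      out[name] = `${String(value).split(' ')[0]} [REDACTED]`;
    } else {
      out[name] = value;
    }
  }
  return out;
}

// Constructed sample values, not real credentials.
const sampleKey = loadApiKey({ QUILTT_API_KEY_SECRET: 'sk_example_not_real' });
const sampleHeaders = {
  Authorization: profileBasicAuthHeader('p_example123', sampleKey),
  'Content-Type': 'application/json',
};
console.log(redactAuthorization(sampleHeaders));
```

Base64 is an encoding, not encryption: anyone who sees the Basic header can recover the API Key, which is why the example redacts it before logging.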
New to Quiltt authentication? Try our Authentication Tutorial for a hands-on introduction with working code examples.
Auth API Reference