Authentication
Araucaria uses two types of authentication tokens depending on the context.
API Keys
API keys are used for server-to-server communication. They are long-lived and should be kept secure on your backend.
- Format:
arau_xxxxxxxxxxxxxxxx - Pass in the
Authorizationheader as a Bearer token - Never expose in client-side code
⚠️ Important
Keep your API keys secure. Do not commit them to version control or expose them in frontend code.
Widget Tokens
Widget tokens are short-lived tokens (15 minute TTL) used to initialize the Araucaria Connect widget in your frontend.
- Format:
sess_xxxxxxxxxxxxxxxx - Obtained when creating a new connection
- Safe to use in frontend code