Crowdee
Getting Started

Authentication

API keys, JWT bearer tokens, and OIDC login.

Crowdee supports three authentication methods. API keys are the recommended approach for programmatic access — they are simple, scoped, and easily rotated. JWT bearer tokens are available for server-side code already managing an OIDC session. OIDC browser login powers the Crowdee dashboard itself.

API Keys

Generate an API key from the dashboard at Settings → Integrations → API Keys. Keys are prefixed with crw_ followed by 32 random bytes encoded as base64url.

Send the key in the X-API-Key header:

curl https://api.crowdee.ai/v2/projects \
  -H "X-API-Key: crw_YOUR_API_KEY"

Alternatively, use the Authorization header with the ApiKey scheme:

curl https://api.crowdee.ai/v2/projects \
  -H "Authorization: ApiKey crw_YOUR_API_KEY"

Keys can be scoped to a specific organization and assigned a role. When a key has a role assigned, the effective permission is the lower of the key role and the user's membership role in that organization — a key cannot grant more access than the account itself holds.

Store API keys in environment variables or a secrets manager. Never hard-code them in source files or commit them to version control. If a key is exposed, rotate it immediately from the dashboard.

Keys can also be rotated programmatically — see API Key Rotation below.

JWT Bearer Tokens

JWT tokens are short-lived tokens issued by the Crowdee OIDC provider and signed with HS256. Send them as a bearer token:

curl https://api.crowdee.ai/v2/projects \
  -H "Authorization: Bearer <token>"

The Crowdee platform frontend handles token issuance and automatic refresh. This method is most appropriate for server-side code that already participates in an OIDC session — for example, a backend service acting on behalf of an authenticated user. For standalone integrations, API keys are simpler.

OIDC (Browser Login)

The Crowdee dashboard uses OIDC for browser authentication. When you log in at crowdee.ai, your session is managed automatically. You do not need to configure OIDC manually for API integrations.

Role Permissions

Every API key and organization member has a role. Roles are additive — higher roles include all permissions of lower roles.

RoleRead dataRun pipelinesManage projectsManage orgAdmin actions
viewer
user
admin
superadmin
  • viewer — read-only access to data within the organization's projects
  • user — standard access; can upload files, start verification runs, and create/edit projects
  • admin — all user permissions plus the ability to manage organization settings and invite members
  • superadmin — full platform access including internal administration actions

API Key Rotation

Rotate a key by calling:

curl -X POST https://api.crowdee.ai/v2/users/me/api-keys/{keyId}/rotate \
  -H "X-API-Key: crw_YOUR_API_KEY"

The response contains the new key value. The old key is immediately invalidated upon rotation.

Update all integrations that use the key before rotating. There is no grace period — the old key stops working the moment rotation completes.

How is this guide?

© 2026 Crowdee GmbH. All rights reserved.

On this page