Authentication
API keys, JWT bearer tokens, and OIDC login.
Crowdee supports three authentication methods. API keys are the recommended approach for programmatic access — they are simple, scoped, and easily rotated. JWT bearer tokens are available for server-side code already managing an OIDC session. OIDC browser login powers the Crowdee dashboard itself.
API Keys
Generate an API key from the dashboard at Settings → Integrations → API Keys. Keys are prefixed with crw_ followed by 32 random bytes encoded as base64url.
Send the key in the X-API-Key header:
curl https://api.crowdee.ai/v2/projects \
-H "X-API-Key: crw_YOUR_API_KEY"Alternatively, use the Authorization header with the ApiKey scheme:
curl https://api.crowdee.ai/v2/projects \
-H "Authorization: ApiKey crw_YOUR_API_KEY"Keys can be scoped to a specific organization and assigned a role. When a key has a role assigned, the effective permission is the lower of the key role and the user's membership role in that organization — a key cannot grant more access than the account itself holds.
Store API keys in environment variables or a secrets manager. Never hard-code them in source files or commit them to version control. If a key is exposed, rotate it immediately from the dashboard.
Keys can also be rotated programmatically — see API Key Rotation below.
JWT Bearer Tokens
JWT tokens are short-lived tokens issued by the Crowdee OIDC provider and signed with HS256. Send them as a bearer token:
curl https://api.crowdee.ai/v2/projects \
-H "Authorization: Bearer <token>"The Crowdee platform frontend handles token issuance and automatic refresh. This method is most appropriate for server-side code that already participates in an OIDC session — for example, a backend service acting on behalf of an authenticated user. For standalone integrations, API keys are simpler.
OIDC (Browser Login)
The Crowdee dashboard uses OIDC for browser authentication. When you log in at crowdee.ai, your session is managed automatically. You do not need to configure OIDC manually for API integrations.
Role Permissions
Every API key and organization member has a role. Roles are additive — higher roles include all permissions of lower roles.
| Role | Read data | Run pipelines | Manage projects | Manage org | Admin actions |
|---|---|---|---|---|---|
| viewer | ✓ | — | — | — | — |
| user | ✓ | ✓ | ✓ | — | — |
| admin | ✓ | ✓ | ✓ | ✓ | — |
| superadmin | ✓ | ✓ | ✓ | ✓ | ✓ |
- viewer — read-only access to data within the organization's projects
- user — standard access; can upload files, start verification runs, and create/edit projects
- admin — all user permissions plus the ability to manage organization settings and invite members
- superadmin — full platform access including internal administration actions
API Key Rotation
Rotate a key by calling:
curl -X POST https://api.crowdee.ai/v2/users/me/api-keys/{keyId}/rotate \
-H "X-API-Key: crw_YOUR_API_KEY"The response contains the new key value. The old key is immediately invalidated upon rotation.
Update all integrations that use the key before rotating. There is no grace period — the old key stops working the moment rotation completes.
How is this guide?
Quickstart
Run your first verification in under 5 minutes.
Organizations
Billing entities, modules, and member management.