Global API

The Crate ecosystem provides a suite of tools that can be managed programmatically. This page covers the global authentication methods that apply across all Crate modules.

API Key Authentication

For server-to-server integrations (like CI/CD pipelines or custom scripts), requests must include an API Key in the Authorization header:

Authorization: Bearer <YOUR_API_KEY>

Managing Keys

API Keys are managed directly through the Crate Dashboard:

1. Navigate to Settings > API Keys in the dashboard.
2. Click Generate New Key and provide a descriptive name (e.g., “CI/CD Pipeline”).
3. Copy the key immediately — it will never be shown again.

OAuth Device Flow

For interactive or local environments, Crate utilizes the OAuth 2.0 Device Authorization Grant (RFC 8628). This is the exact flow used by the crate login CLI command, but it can also be leveraged by your own custom client tools.

1. Request Authorization: Your client requests a device code from the Crate authentication server.
2. User Authorization: The client displays a URL and a user code. The user navigates to the URL in their browser and enters the code to authorize the device.
3. Polling: Meanwhile, the client polls the authorization server. Once the user approves the request in their browser, the server returns a secure access token to the client.

This flow ensures that you never have to handle user passwords directly in your custom CLI or local scripts.

Module-Specific APIs

If you are looking for endpoints specific to a module, please see their respective references:

• 🚀 Gateway API: Manage routes, domains, and plugins.
• 🔐 Secrets API: Manage and retrieve environment secrets.

Tagging API

Tags are a global primitive used to categorize resources (like secrets) across your organization.

List Tags

GET /organization/{id}/tags

Lists all tags created within your organization.

Response:

{
  "tags": [
    {
      "name": "backend",
      "metadata": {
        "color": "#ff0000",
        "description": "Backend services"
      }
    }
  ]
}