Authentication & Authorization
Protecto uses token-based authentication to secure all API access. Every request is authenticated, authorized, and evaluated server-side before any masking or unmasking occurs.
API Tokens & Headers
How to obtain and send your bearer token with every request.
Permissions & Scopes
How permissions control which operations your token can perform.
Token Expiry & Rotation
Best practices for managing token lifetime and rotation.
Authentication Errors
How to debug and resolve authentication failures.
How authentication works
All Protecto APIs require an authentication token. Requests without a valid token are rejected before any processing occurs.
Authentication determines:
- Who is making the request
- Which namespace the request belongs to
- What permissions apply
Authorization is evaluated after authentication, based on permissions and policies.
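The order described above, sketched as an added example that is not Protecto's code: a request is authenticated first, then authorized, and unmasking needs its own permission. The token values, the `mask`/`unmask` permission names, the in-memory store and the 401/403 status codes are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def _h(token):
    # Store and compare token digests, never the raw token.
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed token store (hypothetical subjects, namespaces, permissions).
TOKENS = {
    _h("tok-mask-only"): {"subject": "svc-etl", "namespace": "analytics",
                          "permissions": {"mask"}, "expires_at": 4102444800},
    _h("tok-full"): {"subject": "svc-support", "namespace": "support",
                     "permissions": {"mask", "unmask"}, "expires_at": 4102444800},
    _h("tok-expired"): {"subject": "svc-old", "namespace": "analytics",
                        "permissions": {"mask", "unmask"}, "expires_at": 0},
}

def authenticate(headers, now=None):
    """Return the identity record for a valid bearer token, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    digest = _h(token.strip())
    for stored, identity in TOKENS.items():
        # Constant-time comparison of digests.
        if hmac.compare_digest(stored, digest):
            now = time.time() if now is None else now
            return identity if now < identity["expires_at"] else None
    return None

def evaluate(headers, operation):
    """Authenticate, then authorize; only a 200 would reach the masking engine."""
    identity = authenticate(headers)
    if identity is None:
        return 401, "unauthenticated"   # rejected before any processing
    if operation not in identity["permissions"]:
        return 403, "forbidden"         # deny by default: mask does not imply unmask
    return 200, f"{operation} permitted in namespace {identity['namespace']}"
```
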
Key takeaways
- All Protecto APIs require authentication
- API tokens are sent via the `Authorization` header as a bearer token
- Permissions are evaluated after authentication
- Unmasking requires explicit permission — masking permission alone is not sufficient
- Tokens must be rotated and protected like passwords