Authentication Overview
OrcaRail API supports two authentication methods for different use cases. Sign in at the Dashboard; dashboard access uses Bearer tokens (obtained when you sign in). If this is your first time signing in, you must create an organization before you can continue using the dashboard or create API keys.
Authentication Methods
1. Bearer Token (JWT)
Use Bearer tokens for user-authenticated requests, such as when a logged-in user creates a Payment Intent or manages resources in their organization.
Use Case: User-facing applications, dashboard access, user-specific operations
Header Format:
Authorization: Bearer YOUR_JWT_TOKEN
2. API Key (Basic Auth)
Use API keys for server-to-server requests, such as backend services making API calls. API keys are created within an organization.
Use Case: Server-to-server communication, automated processes, webhooks
Header Format:
Authorization: Basic base64(key:secret)
Choosing an Authentication Method
| Scenario | Recommended Method |
|---|---|
| User creates payment from your app | Bearer Token (JWT) |
| Backend service creates payments | API Key (Basic Auth) |
| Dashboard access | Bearer Token (JWT) |
| Webhook processing | API Key (Basic Auth) |
| Mobile app API calls | Bearer Token (JWT) |
Next Steps
- API Keys - Learn how to create and use API keys
- Bearer Tokens - Learn how to authenticate with JWT tokens