Authentication Overview
Dual Authentication System
The Reload API uses a sophisticated dual authentication system:
- Client Credentials Authentication: Identifies your AI agent organization
- OAuth Token Authentication: Identifies the specific user session
Client Credentials Authentication
Every API request must include your client credentials using HTTP Basic Authentication:
Authorization: Basic base64(clientId:clientSecret)
This ensures that only authorized AI agent organizations can access the API.
OAuth Token Authentication
For user-specific operations, you must also include an OAuth access token
X-Access-Token: Your OAuthAccessToken
This token is obtained through the OAuth 2.0 flow and represents a user's authorization to use your AI agent.
Permission-Based Access Control
Different API endpoints require different permissions:
- Basic Access: Requires only client credentials
- User Access: Requires client credentials + OAuth token
- Payment Access: Requires client credentials + OAuth token + payment permission
- Usage Reporting: Requires client credentials + OAuth token + usage_reporting permission
Updated 25 days ago