Our REST API enables your backend services to send us information we need to implement Cord, such as the identities of your users and organizations

All REST API requests must include a valid server auth token in the HTTP headers: Authorization: Bearer <SERVER_AUTH_TOKEN>.

A diagram of how project_id and secret are used to create a JWT for authenticating with Cord servers

To generate auth tokens, you'll need your project ID and secret, which you can get from the Cord console.

Never share your secret with anyone or include it in client code.

If your backend uses Node.js, Go, or Java, use our server libraries to generate server auth tokens.

Otherwise, please see our in-depth guide to authentication to learn how to generate server auth tokens.

Not finding the answer you need? Ask our Developer Community

Ask Cordy