Overview
Authentication

Essentials

The Public API accepts multiple modes of authentication being via API Key, Service Account credentials, or Infisical Token.

  • API Key: Provides full access to all endpoints representing the user.
  • Service Account: Provides scoped access to an organization and select projects representing a machine such as a VM or application client.
  • Infisical Token: Provides short-lived, scoped CRUD access to the secrets of a specific project and environment.

Use Cases

Depending on your use case, it may make sense to use one or another authentication mode:

  • API Key (not recommended): Use if you need full access to the Public API without needing to access any secrets endpoints (because API keys can’t encrypt/decrypt secrets).
  • Service Account (recommeded): Use if you need access to multiple projects and environments in an organization; service accounts can generate short-lived access tokens, making them useful for some complex setups.
  • Service Token (recommeded): Use if you need short-lived, scoped CRUD access to the secrets of a specific project and environment.