Overview
Authentication
Overview
Authentication
How to authenticate with the Infisical Public API
Essentials
The Public API accepts multiple modes of authentication being via API Key, Service Account credentials, or Infisical Token.
- API Key: Provides full access to all endpoints representing the user.
- Service Account: Provides scoped access to an organization and select projects representing a machine such as a VM or application client.
- Infisical Token: Provides short-lived, scoped CRUD access to the secrets of a specific project and environment.
Use Cases
Depending on your use case, it may make sense to use one or another authentication mode:
- API Key (not recommended): Use if you need full access to the Public API without needing to access any secrets endpoints (because API keys can’t encrypt/decrypt secrets).
- Service Account (recommeded): Use if you need access to multiple projects and environments in an organization; service accounts can generate short-lived access tokens, making them useful for some complex setups.
- Service Token (recommeded): Use if you need short-lived, scoped CRUD access to the secrets of a specific project and environment.