
Authentication

Learn about API keys, JWT tokens, and how to securely access the ABM.dev API.

Authentication Methods

ABM.dev supports two authentication methods depending on your use case:

  • API Keys (Recommended): Best for server-to-server integrations and backend services.
  • JWT Tokens (Portal Only): For user-authenticated sessions via the portal dashboard.

API Keys

API keys are the primary way to authenticate with the ABM.dev API. They are scoped to your organization and can be managed from your dashboard.

Creating an API Key

  1. Go to your API Keys page
  2. Click "Create New Key"
  3. Give your key a descriptive name (e.g., "Production Server")
  4. Copy and securely store the key - it won't be shown again

Using API Keys

Include your API key in the Authorization header:

Bearer Token Authentication
curl https://api.abm.dev/v1/enrich \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

Security

Never expose your API key in client-side code, public repositories, or logs. Use environment variables and server-side requests only.

Alternative: X-API-Key Header

You can also use the x-api-key header:

X-API-Key Header
curl https://api.abm.dev/v1/enrich \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

Organization Context

All API requests are scoped to your organization. Your API key is linked to your organization, so all enrichment data and usage are tracked at the organization level.

What's tracked per organization:

  • API usage and rate limits
  • API keys and permissions
  • CRM integrations (HubSpot, etc.)
  • Encrypted credentials for integrations

Rate Limits

API requests are rate-limited based on your subscription plan:

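| Plan       | Requests/Min | Monthly Limit      |
|------------|--------------|--------------------|
| Free       | 10           | 100 enrichments    |
| Starter    | 60           | 1,000 enrichments  |
| Pro        | 300          | 10,000 enrichments |
| Enterprise | Custom       | Unlimited          |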

Rate Limit Headers

Check the X-RateLimit-Remaining and X-RateLimit-Reset response headers to monitor your usage.

Authentication Errors

401 Unauthorized

Missing or invalid API key. Check that your key is correctly formatted.

403 Forbidden

Your API key doesn't have permission for this resource or your plan doesn't include this feature.

429 Too Many Requests

Rate limit exceeded. Wait for the reset time indicated in the response headers.
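
The key-handling advice and the error codes above combined in one server-side client, as an added example that is not ABM.dev's own code: it reads the key from an environment variable, masks both key headers before logging, and turns 401/403/429 into a caller decision. The variable name ABM_API_KEY, the 60-second fallback, and the reading of X-RateLimit-Reset as a Unix timestamp in seconds are assumptions; the page does not specify them.

```python
import json
import os
import time
import urllib.error
import urllib.request

API_URL = "https://api.abm.dev/v1/enrich"  # endpoint from the curl examples
KEY_ENV = "ABM_API_KEY"  # assumed variable name, not defined by ABM.dev
SECRET_HEADERS = {"authorization", "x-api-key"}  # both documented key headers

def build_request(payload, env=os.environ):
    """Build the POST with the key read from the environment, never from source."""
    key = env.get(KEY_ENV)
    if not key:
        raise RuntimeError(f"{KEY_ENV} is not set")
    headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
    return urllib.request.Request(API_URL, json.dumps(payload).encode(), headers, method="POST")

def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    return {k: "[REDACTED]" if k.lower() in SECRET_HEADERS else v for k, v in headers.items()}

def next_action(status, headers, now=None):
    """Map a response to (action, seconds_to_wait) using the documented status codes."""
    if status == 401:
        return ("fix_key", 0.0)  # missing or invalid key: retrying cannot help
    if status == 403:
        return ("check_permissions", 0.0)  # key or plan lacks access
    if status != 429:
        return ("ok" if status < 400 else "error", 0.0)
    now = time.time() if now is None else now
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        # Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
        reset = float(lowered["x-ratelimit-reset"])
    except (KeyError, ValueError):
        reset = now + 60  # assumed fallback when the header is absent or unparsable
    return ("wait", max(0.0, reset - now))

def enrich(email):
    """Send one enrichment request; log only redacted headers on failure."""
    req = build_request({"email": email})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        action, wait = next_action(err.code, dict(err.headers.items()))
        print(f"HTTP {err.code}: {action}, wait {wait:.0f}s, sent {redact(dict(req.headers))}")
        raise
```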
