Skip to main content
EngageFabric supports multiple authentication methods depending on your use case:

API Keys

For server-to-server communication and backend integrations

JWT Tokens

For admin console access and user authentication

OAuth2

Sign in with Google or GitHub for seamless onboarding

API Key Authentication

API keys are the recommended way to authenticate your application with EngageFabric. They are project-specific and should be kept secure on your server.

Getting Your API Key

  1. Log in to the Admin Console
  2. Navigate to your project
  3. Go to Settings > API Keys
  4. Copy your API key

Using API Keys

Include your API key in the X-API-Key header:

API Key Types

Security Best Practices:
  • Never expose API keys in client-side code
  • Rotate keys regularly
  • Use environment variables to store keys
  • Use test keys for development

OAuth2 Authentication

EngageFabric supports OAuth2 authentication with Google and GitHub for seamless user onboarding. This is the recommended method for signing up and logging into the admin console.

Supported Providers

Initiating OAuth Flow

Redirect users to the OAuth endpoint to begin authentication:

Flow Types

OAuth Callback

After successful authentication, users are redirected to your redirect_uri with tokens:

Getting Available Providers

Check which OAuth providers are enabled:
Response:
OAuth is the recommended way to create an EngageFabric account. After signup, users can also set a password for email/password login.

JWT Authentication

JWT (JSON Web Tokens) are used for authenticating admin console users and can be used for WebSocket connections.

Obtaining a JWT Token

Response:

Using JWT Tokens

Include the token in the Authorization header:

Token Expiration


WebSocket Authentication

For real-time features, authenticate WebSocket connections with a short-lived JWT:
WebSocket tokens have a shorter expiration (15 minutes) for security. Implement token refresh logic in your application.

Role-Based Access Control (RBAC)

EngageFabric implements RBAC for tenant management:

Rate Limits

API requests are rate-limited based on your project tier: When rate limited, you’ll receive a 429 Too Many Requests response with headers:
Implement exponential backoff when you receive rate limit errors.

Error Responses

Authentication errors return standard error responses: