UltraReach.ai

Authentication

Learn how to authenticate with UltraReach.ai's API and implement secure access control for your integration.

Authentication Methods

API Keys

For server-to-server communication

OAuth 2.0

For user-based authentication

JWT Tokens

For session management

SSO

For enterprise customers

API Key Authentication

# HTTP Request
GET /api/v1/leads
Authorization: Bearer YOUR_API_KEY

# cURL Example
curl -X GET \
  https://api.ultrareach.ai/v1/leads \
  -H 'Authorization: Bearer YOUR_API_KEY'

OAuth 2.0 Implementation

1. Authorization Request

GET https://auth.ultrareach.ai/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &response_type=code
  &redirect_uri=https://your-app.com/callback
  &scope=leads.read properties.write
  &state=random_state_string

2. Token Exchange

POST https://auth.ultrareach.ai/oauth/token
{
  "grant_type": "authorization_code",
  "code": "AUTH_CODE",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "redirect_uri": "https://your-app.com/callback"
}

3. Access Token Response

{
  "access_token": "ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "REFRESH_TOKEN",
  "scope": "leads.read properties.write"
}

4. Token Refresh

POST https://auth.ultrareach.ai/oauth/token
{
  "grant_type": "refresh_token",
  "refresh_token": "REFRESH_TOKEN",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET"
}

Available Scopes

  • leads.read
  • leads.write
  • properties.read
  • properties.write
  • analytics.read

Security Measures

  • HTTPS only
  • Rate limiting
  • IP whitelisting
  • Audit logging

Error Handling

401Invalid credentials
403Insufficient scope
429Rate limit exceeded

Best Practices

Key Management

Rotate keys regularly and use environment variables

Token Storage

Store tokens securely and never expose in client-side code

Scope Usage

Request minimum required scopes for your application

Error Handling

Implement proper error handling and token refresh logic