Auth-Edge mints the bearer tokens that authorize every other Infra API call. You exchange your project API key for a short-lived access token using the OAuth 2.0 client_credentials grant, then send that token on each subsequent request. See Authentication for the full flow.

The access token object

Returned by Generate token.

| Attribute | Type | Description |
| --- | --- | --- |
| access_token | string | Signed JWT to send as Authorization: Bearer <access_token>. |
| token_type | string | Always Bearer. |
| expires_in | integer | Token lifetime in seconds (e.g. 600 = 10 minutes). |
| scope | string | Granted scope. Omitted for unscoped, full-access tokens. |

The JWT encodes your businessId, keyId, the environment (live / test), the granted scope, and an aud (audience). Downstream services read these claims to enforce project context and capabilities — you never send them yourself.
Tokens are short-lived. Mint a new one when the current token expires rather than caching a long-lived credential. The token endpoint is rate-limited to 30 requests per minute per IP.
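
One way to follow this guidance on the client side, as an added example that is not code from the Infra documentation: a small cache that reuses a token until shortly before expires_in elapses and keeps its own minting under the 30-per-minute limit. The `mint` callable, the `TokenCache` name and the 30-second refresh margin are assumptions; `mint` stands in for whatever performs the client_credentials exchange and returns the access token object as a dict.

```python
import time
from collections import deque

RATE_LIMIT = 30   # token requests per minute per IP, as stated above
WINDOW = 60.0     # seconds


class TokenCache:
    """Holds one access token in memory and re-mints it shortly before expiry.

    `mint` is a caller-supplied (hypothetical) function that performs the
    client_credentials exchange and returns the access token object.
    """

    def __init__(self, mint, clock=time.monotonic, margin=30):
        self._mint, self._clock, self._margin = mint, clock, margin
        self._token = None
        self._expires_at = 0.0
        self.scope = None          # None means an unscoped, full-access token
        self._calls = deque()      # timestamps of recent mint attempts

    def _check_budget(self, now):
        # Sliding one-minute window so a retry loop cannot hammer the endpoint.
        while self._calls and now - self._calls[0] >= WINDOW:
            self._calls.popleft()
        if len(self._calls) >= RATE_LIMIT:
            raise RuntimeError("local token-mint budget exhausted; retry later")
        self._calls.append(now)

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at:
            self._check_budget(now)
            obj = self._mint()
            if obj.get("token_type") != "Bearer":
                raise ValueError("unexpected token_type in token response")
            ttl = int(obj["expires_in"])
            # Refresh early, but never discard more than half of a short lifetime.
            self._expires_at = now + max(ttl - self._margin, ttl / 2)
            self._token = obj["access_token"]
            self.scope = obj.get("scope")
        return self._token

    def auth_header(self):
        # Header to attach to each subsequent API request.
        return {"Authorization": f"Bearer {self.get()}"}
```

The limit is enforced per IP, so processes sharing one egress address share the budget; the counter here only bounds a single process.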