{"templateId":"GuidePage","sharedDataIds":{"sidebar":"sidebar-developers/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["partial","endpoint-badge","split","callout"]},"type":"markdown"},"seo":{"title":"Authentication","description":"Developer API, partner integration, MCP, SDK, and customer help center.","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authentication","__idx":0},"children":["Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The public API uses ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["app tokens"]}," (JWT) created in the Karzoun Developer dashboard."]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"-H \"x-app-token: YOUR_APP_TOKEN_JWT\"\n","lang":"bash"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"request-format","__idx":1},"children":["Request format"]},{"$$mdtype":"Tag","name":"EndpointBadge","attributes":{"method":"POST","path":"/graphql"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Every GraphQL request is a JSON POST that carries your app token in the x-app-token header."]},{"$$mdtype":"Tag","name":"Split","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"required-headers","__idx":2},"children":["Required 
headers"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Header"},"children":["Header"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Required"},"children":["Required"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-app-token"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["App JWT from Developer → Apps"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Content-Type"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["application/json"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"permissions","__idx":3},"children":["Permissions"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Apps can be scoped to user groups or allowed for all users. 
Create apps with the minimum permissions needed for your integration."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"graphql","header":{"controls":{"copy":{}}},"source":"query {\n  currentUser {\n    _id\n    email\n  }\n}\n","lang":"graphql"},"children":[]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"bash","header":{"controls":{"copy":{}}},"source":"curl -X POST 'https://YOUR_SUBDOMAIN.api.karzoun.chat/graphql' \\\n  -H 'Content-Type: application/json' \\\n  -H 'x-app-token: YOUR_APP_TOKEN' \\\n  -d '{\"query\":\"query { currentUser { _id email } }\"}'\n","lang":"bash"},"children":[]}]},{"$$mdtype":"Tag","name":"Callout","attributes":{"type":"tip","title":"Verify your token"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Use the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["currentUser"]}," query to confirm authentication before building integrations."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"security","__idx":4},"children":["Security"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Never expose app tokens in browser-side code"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["When using MCP or server-side agents, keep app tokens on the backend only"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Rotate tokens by creating a new app and revoking the old one"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"next-steps","__idx":5},"children":["Next 
steps"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/developers/getting-started/quickstart"},"children":["Quickstart"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"a","attributes":{"href":"/developers/apis/public-api"},"children":["GraphQL API Reference"]}]}]}]},"headings":[{"value":"Authentication","id":"authentication","depth":1},{"value":"Request format","id":"request-format","depth":2},{"value":"Required headers","id":"required-headers","depth":3},{"value":"Permissions","id":"permissions","depth":3},{"value":"Security","id":"security","depth":2},{"value":"Next steps","id":"next-steps","depth":2}],"frontmatter":{"title":"Authentication","titleTranslationKey":"sidebar.developers.authentication","description":"App tokens and request headers for the public API.","audience":"developer","status":"published","locales":["en","ar"],"template":"GuidePage","seo":{"title":"Authentication"}},"lastModified":"2026-06-23T12:06:12.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/developers/getting-started/authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}