Every request to the DeepCurrent API must include an Authorization header. DeepCurrent supports two authentication methods depending on your use case.
API keys are the recommended method for programmatic access and server-to-server integrations. Your key starts with dc_ and never expires unless you request a new one.Pass your API key as a Bearer token on every request:Authorization: Bearer dc_your_api_key_here
curl -X GET https://api.deepcurrent.app/api/v1/users/me \
-H "Authorization: Bearer dc_your_api_key_here"
import requests
headers = {"Authorization": "Bearer dc_your_api_key_here"}
response = requests.get("https://api.deepcurrent.app/api/v1/users/me", headers=headers)
JWT tokens are short-lived tokens issued after you log in with your email and password. They are suited for browser-based access or situations where you want a session that automatically expires.Step 1 — Exchange credentials for a tokenSend a POST request to /api/v1/login/access-token with your credentials encoded as application/x-www-form-urlencoded. Use username for your email address.curl -X POST https://api.deepcurrent.app/api/v1/login/access-token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=you@example.com&password=yourpassword"
import requests
response = requests.post(
"https://api.deepcurrent.app/api/v1/login/access-token",
data={
"username": "you@example.com",
"password": "yourpassword",
},
)
token = response.json()["access_token"]
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
}
curl -X GET https://api.deepcurrent.app/api/v1/users/me \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
JWT tokens expire after a fixed period. When your token expires, repeat the login request to get a new one.
Getting your API key
Open Settings
In the dashboard, click your profile in the top-right corner and go to Settings → API Key.
Reveal your key
Click Reveal API key. Your full API key is displayed exactly once.Copy your API key immediately and store it in a secure location such as a password manager or secrets manager. Once you close the dialog, you cannot view the key again — only the last four characters remain visible.
Use the key in your requests
Add the key to every API request as an Authorization: Bearer header.
Request parameters
The login endpoint accepts standard OAuth2 password grant fields.
Your account email address. The field is named username for OAuth2 compatibility.
Response fields
A signed JWT token. Pass this as Authorization: Bearer <token> on subsequent requests.
Error responses
| Status | Meaning |
|---|
401 Unauthorized | No credentials provided, or the API key / token is invalid. |
403 Forbidden | Credentials are valid but your account does not have access to the requested resource. This happens when a feature requires a paid plan or a specific role. |
Regenerating your API key
If your API key is compromised or lost, you can request a new one from Settings → API Key in the dashboard.
Key regeneration is handled by the DeepCurrent support team. When you submit a request, support is notified and will issue your new key. Your old key continues to work until the new one is issued and confirmed.