Authentication - Dolfin AI

API Key Authentication
Required Headers
Bearer Token Authentication

API Key Authentication

All API requests are authenticated using the x-dolfin-api-key header. Your API key is distributed when your organisation is onboarded to the Dolfin platform.

curl -X GET https://api.dolfinai.co/invoices \
  -H "x-dolfin-api-key: your-api-key" \
  -H "x-dolfin-organisation-id: your-org-id"

Required Headers

Header	Description	Required
`x-dolfin-api-key`	Your API key	Yes (for all authenticated endpoints)
`x-dolfin-organisation-id`	The organisation ID to scope requests to	Yes (for most endpoints)

Some endpoints like creating organisations and creating users are exempt from the x-dolfin-organisation-id header requirement, as they operate across organisations.

Bearer Token Authentication

End users (e.g. SMB users provisioned by your platform) authenticate using Bearer JWTs. These tokens are obtained by exchanging a short-lived auth code via the POST /auth/exchange endpoint.

curl -X GET https://api.dolfinai.co/invoices \
  -H "Authorization: Bearer eyJ..." \
  -H "x-dolfin-organisation-id: your-org-id"

Bearer tokens are valid for 8 hours and contain the user’s organisation memberships and roles as claims.

Client integration guide

See the full flow for provisioning users and generating bearer tokens.

Dolfin API Documentation

Client Integration

Getting started

Documentation Index

​API Key Authentication

​Required Headers

​Bearer Token Authentication

Client integration guide

API Key Authentication

Required Headers

Bearer Token Authentication