API Key Flow
The API key flow is Encrata’s primary authentication path for agents. The agent logs in with user credentials, creates a long-lived API key, and uses it for all subsequent requests. No human interaction required after initial setup.
When to use it
- Your agent needs autonomous, long-lived access to Encrata’s lookup APIs
- You want zero-friction operation - authenticate once, operate indefinitely
- Your agent runs on any platform - MCP servers, custom scripts, LLM integrations, orchestration frameworks
How it works
- Agent hits the login endpoint with user credentials
- Encrata returns a session token
- Agent creates a named API key using the session token
- Agent uses the API key as a Bearer token for all subsequent calls
- API key doesn’t expire agent operates indefinitely until revoked
Step 1: Authenticate
Success response:
Step 2: Create an API key
Success response:
The API key is returned exactly once. Store it securely it cannot be retrieved again.
Step 3: Operate
Use the API key as a Bearer token on every request:
What you get
- Immediate access - no approval workflow, no waiting
- All endpoints - email, phone, IP, domain, company, Google, dark web, username
- Credit-based - each lookup deducts from your balance
- No expiration - keys stay valid until explicitly revoked
Credential lifecycle
Errors
Security considerations
- Store keys securely treat API keys as secrets, never commit to source control
- Use named keys create descriptive names so users can identify and revoke agent keys
- Monitor usage agents should check credits periodically to avoid unexpected failures
- Handle revocation gracefully if a 401 is received on a previously-working key, the agent should notify the user rather than attempting to re-create keys