Skip to main content

API Key Flow

The API key flow is Encrata’s primary authentication path for agents. The agent logs in with user credentials, creates a long-lived API key, and uses it for all subsequent requests. No human interaction required after initial setup.

When to use it

  • Your agent needs autonomous, long-lived access to Encrata’s lookup APIs
  • You want zero-friction operation - authenticate once, operate indefinitely
  • Your agent runs on any platform - MCP servers, custom scripts, LLM integrations, orchestration frameworks

How it works

  1. Agent hits the login endpoint with user credentials
  2. Encrata returns a session token
  3. Agent creates a named API key using the session token
  4. Agent uses the API key as a Bearer token for all subsequent calls
  5. API key doesn’t expire agent operates indefinitely until revoked

Step 1: Authenticate

Success response:

Step 2: Create an API key

Success response:
The API key is returned exactly once. Store it securely it cannot be retrieved again.

Step 3: Operate

Use the API key as a Bearer token on every request:

What you get

  • Immediate access - no approval workflow, no waiting
  • All endpoints - email, phone, IP, domain, company, Google, dark web, username
  • Credit-based - each lookup deducts from your balance
  • No expiration - keys stay valid until explicitly revoked

Credential lifecycle

Errors

Security considerations

  • Store keys securely treat API keys as secrets, never commit to source control
  • Use named keys create descriptive names so users can identify and revoke agent keys
  • Monitor usage agents should check credits periodically to avoid unexpected failures
  • Handle revocation gracefully if a 401 is received on a previously-working key, the agent should notify the user rather than attempting to re-create keys