Authentication - Passu API

API keys

Public API keys are:

created inside Passu
tied to a Passu user account
scoped by Passu on creation
revocable and rotatable

Users do not provision credentials directly with the underlying auth provider.

Bearer tokens

Exchange your client_id and client_secret for a bearer token:

curl --request POST \
  --url https://api.passu.ai/v1/auth/token \
  --header 'Content-Type: application/json' \
  --data '{
    "client_id": "your-client-id",
    "client_secret": "your-client-secret"
  }'

Then call the API with:

Authorization: Bearer <token>

Scope enforcement

The public API enforces fixed read scopes server-side:

read:sectors
read:companies
read:events
read:metrics
read:analyses

Access model

API keys are user-scoped. A key can only read data that the owning Passu user can access. The internal API is not part of this surface and rejects public API credentials even if a request reaches it.

Get Started

​API keys

​Bearer tokens

​Scope enforcement

​Access model

API keys

Bearer tokens

Scope enforcement

Access model