Authentication
Learn how to authenticate with the Enrich Engine API.
Session-Based Authentication
The dashboard and web application use session-based authentication. When you log in, a session cookie is set that's automatically included in subsequent requests.
For API requests from the browser, include credentials: 'include' in your fetch options:
Browser Request with Sessionjavascript
const response = await fetch('https://api.enrichengine.io/api/search/people', {
method: 'POST',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
role: 'VP of Sales',
company: 'Anthropic'
})
});API Key Authentication
For external integrations (like GTM Dialer or custom scripts), use API key authentication. API keys provide scoped access to specific resources.
Creating an API Key
- Go to Settings > API Keys in the dashboard
- Click Create API Key
- Enter a name and select the required scopes
- Copy the key immediately — it won't be shown again
Using the API Key
Include your API key in the X-API-Key header:
cURL Requestbash
curl -X GET "https://api.enrichengine.io/api/external/lists" \
-H "X-API-Key: ee_live_xxxxxxxxxxxxx"JavaScript Requestjavascript
const response = await fetch('https://api.enrichengine.io/api/external/lists', {
headers: {
'X-API-Key': 'ee_live_xxxxxxxxxxxxx'
}
});API Key Scopes
API keys can be created with specific scopes to limit access:
| Scope | Description |
|---|---|
| lists:read | Read access to lists and their leads |
| lists:write | Create, update, and delete lists |
| leads:read | Read access to lead data |
| leads:write | Create, update, and delete leads |
Security Best Practices
- Never expose API keys in client-side code or public repositories
- Use environment variables to store API keys
- Create separate keys for different integrations
- Use the minimum required scopes for each key
- Rotate keys periodically and revoke unused keys
- Set expiration dates on keys when possible