Authentication

Overview

Kensho uses OpenID Connect (OIDC) (opens in a new tab), for authentication and authorization. OIDC is an industry-standard identity layer built on top of the OAuth2.0 framework. OAuth 2.0 (opens in a new tab) defines access tokens and refresh tokens for validation. The OAuth 2.0 specification can be found here (opens in a new tab)

Authenticating to Kensho APIs

Developing against Kensho APIs requires authenticated access. There are two primary approaches to authenticating to Kensho APIs:

  • Public-private keypairs are the recommended solution for production workflows and long-term, unattended usage of the APIs.
  • Refresh tokens are suitable for testing and development. Refresh tokens are not recommended for production use.