The Kosli API supports two authentication methods:
| Method | Status | When to use |
|---|
| Bearer token | Recommended | All new integrations. Works for service account and personal API keys. |
| HTTP basic auth | Legacy | Fallback for tools that cannot send an Authorization: Bearer header. |
If you are integrating Kosli for the first time, use bearer tokens. Basic auth remains supported for backwards compatibility but is not the recommended path.
Bearer token
Bearer tokens work with both service account and personal API keys.
In the CLI
Pass the token to any kosli command using one of:
In API requests
Send the token in the Authorization header:
curl -H "Authorization: Bearer <<your-api-key>>" \
https://app.kosli.com/api/v2/environments/<<your-org-name>>
HTTP basic auth
HTTP basic auth is a legacy method kept for backwards compatibility with tools that cannot send an Authorization: Bearer header. For all new integrations, use bearer tokens instead.
curl -u "<<your-api-key>>:" \
https://app.kosli.com/api/v2/environments/<<your-org-name>>
The trailing colon (:) is required. Without it, curl treats the whole string as a username with no password and prompts interactively for one — at which point the API key may already be visible in the prompt or shell history (especially when the key comes from an environment variable). The value after the colon can be anything, including empty; Kosli ignores it.
Authorization header directly with the base64-encoded <<your-api-key>>: string:
curl -H "Authorization: Basic $(printf '%s:' "<<your-api-key>>" | base64)" \
https://app.kosli.com/api/v2/environments/<<your-org-name>>
