Authentication

Use Bearer tokens for public integrations, create a single Developer Portal token per workspace, and set required scopes for AI endpoints.

Summary

Public integrations use Bearer tokens. Add the token to your HTTP header and use it for every request.New Developer Portal API tokens are issued as a single access token. Copy it once when you create it and store it in your integration or secret manager. If you need to rotate or revoke it, delete the token in Sanka and create a new one.The AI endpoints at /v1/enrich and /v1/score also support Sanka internal requests authenticated with X-Workspace-Code.

Bearer token

Authorization: Bearer <access_token>

Use this header for all public Data Management requests and for OAuth calls to the AI endpoints.

Developer Portal tokens

Open Developers → API in your workspace.
Create a token and choose the permission level you need.
Copy the token immediately. For security reasons, it is shown only once.
Store it in your integration or secret manager.
If the token is exposed, shared with the wrong environment, or no longer needed, delete it and create a new token.

Use GET /v1/public/auth/whoami to verify the active token:

curl "https://api.sanka.com/v1/public/auth/whoami" \
  -H "Authorization: Bearer <access_token>"

Required scopes

POST /v1/enrich requires companies:write
POST /v1/score with object_type=company requires companies:read
POST /v1/score with object_type=deal requires cases:read

Internal auth

Sanka-owned internal tooling can call the root AI endpoints with the existing workspace header:

X-Workspace-Code: <workspace_code>

Use Bearer auth for external integrations and partner applications.

PreviousQuickstart NextBase URL