Authentication
Authenticate your API requests.
All Bifense API endpoints require tenant context and an API key or JWT. This guide covers the authentication model and scope system you need to start making requests.
How authentication works
Create scoped API keys from the developer console, then include them in your request headers.
1. Create an API key
Generate keys with least-privilege scopes from the developer console. Each key is tied to your tenant.
2. Include in requests
Pass your API key via the X-API-Key header, or use a JWT for service-to-service authentication.
3. Scoped access
Each key has specific scopes that control which endpoints it can access. Requests outside the key's scope are rejected.
Scope model
Assign least-privilege scopes when creating API keys for your applications.
biometric:verifyCompare, verify, and bounded video/frame analysis
biometric:searchIdentify and identification status routes
biometric:enrollEnrollment, async enrollment, and template write routes
customer:readTemplate lookup and customer read routes
biometric:deleteTemplate deletion and enrolled-reference removal
Example request
A standard authenticated request using an API key.
curl -X POST https://api.bifense.ai/api/v1/compare \
-H "Content-Type: application/json" \
-H "X-API-Key: bfps_live_xxx" \
-d '{
"modality": "face",
"reference": { "imageBase64": "<base64>" },
"probe": { "imageBase64": "<base64>" }
}'Next steps
Once authenticated, explore the full API or manage your workspace.
Explore the API
Browse endpoint families, request formats, and response schemas in the API reference.
Developer console
Manage keys, test endpoints interactively, configure webhooks, and monitor usage.