# Authentication

Rupi supports three authentication mechanisms. They are used in different contexts and are not interchangeable.

#### API Key Authentication

Used for all server-to-server requests. Include the key in the `Authorization` header.

```
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx
```

Test environment keys are prefixed `sk_test_`. Production keys are prefixed `sk_live_`. Never use production keys in client-side code.

#### SIWE (Sign-In With Ethereum)

Used to authenticate a user's wallet ownership during the Connect flow. The client generates a SIWE message, the user signs it with their wallet, and the signature is submitted to Rupi for verification. Google Link is also supported.

**SIWE message format**

```
rupi.finance wants you to sign in with your Ethereum account:
0xUser5678...EfGh

Connect your wallet to Rupi to enable income verification.

URI: https://api.rupi.finance/v1/connect/wallet
Version: 1
Chain ID: 137
Nonce: a8f3b2c1d4e5
Issued At: 2024-12-01T10:00:00Z
Expiration Time: 2024-12-01T10:05:00Z
```

The nonce is retrieved from `GET /connect/wallet/nonce` and is valid for 5 minutes.
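The field checks implied by the message format and nonce lifetime above, as an added example that is not Rupi's own code: it parses the SIWE text, pins the domain, URI, version and chain ID, then enforces the validity window and the 5-minute nonce. `parse_siwe`, `check_siwe`, the in-memory nonce store and single-use nonces are assumptions; recovering the signer from the signature and comparing it to the address is a separate step and is not shown.

```python
import re
from datetime import datetime, timedelta

# Values the server pins, taken from the message format above.
EXPECTED = {"domain": "rupi.finance", "Version": "1", "Chain ID": "137",
            "URI": "https://api.rupi.finance/v1/connect/wallet"}
HEADER = re.compile(r"^(\S+) wants you to sign in with your Ethereum account:$")
NONCE_TTL = timedelta(minutes=5)  # nonce lifetime stated above
SAMPLE = ("rupi.finance wants you to sign in with your Ethereum account:\n"
          + "0x" + "ab" * 20 + "\n\n"
          "Connect your wallet to Rupi to enable income verification.\n\n"
          "URI: https://api.rupi.finance/v1/connect/wallet\nVersion: 1\n"
          "Chain ID: 137\nNonce: a8f3b2c1d4e5\nIssued At: 2024-12-01T10:00:00Z\n"
          "Expiration Time: 2024-12-01T10:05:00Z")  # constructed, made-up address

def parse_siwe(message):
    """Split a SIWE message into domain, address and 'Key: value' fields."""
    head, _, tail = message.rpartition("\n\n")
    lines = head.split("\n")
    m = HEADER.match(lines[0])
    if not m or len(lines) < 2:
        raise ValueError("malformed header")
    fields = {"domain": m.group(1), "address": lines[1]}
    # Fields are the block after the last blank line; the statement is free text.
    for line in tail.split("\n"):
        key, sep, value = line.partition(": ")
        if not sep or key in fields:
            raise ValueError("malformed or duplicate field")
        fields[key] = value
    return fields

def check_siwe(message, nonces, now):
    """Return (ok, reason). nonces maps each issued nonce to its issue time."""
    try:
        f = parse_siwe(message)
        issued, expires = (datetime.fromisoformat(f[k].replace("Z", "+00:00"))
                           for k in ("Issued At", "Expiration Time"))
        in_window = issued <= now < expires
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    for key, want in EXPECTED.items():
        if f.get(key) != want:
            return False, "unexpected " + key
    if not in_window:
        return False, "outside validity window"
    minted = nonces.get(f.get("Nonce"))
    if minted is None or now - minted > NONCE_TTL:
        return False, "unknown or expired nonce"
    del nonces[f["Nonce"]]  # assumption: single use, consumed on success
    return True, "ok"
```

`now` must be a timezone-aware UTC `datetime`; a second submission of the same message is rejected because the nonce has already been consumed.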

#### OAuth 2.0

Used during the payroll connection flow. Rupi acts as the OAuth client. The user is redirected to the payroll platform's authorization page and grants Rupi read-only access to their employment records. This flow is experimental and still in development; the scopes below are current examples of the function described.

Supported scopes by platform:

| Platform | Scope                           |
| -------- | ------------------------------- |
| Deel     | `employment:read payments:read` |
| Rise     | `profile:read payroll:read`     |
| Bitwage  | `account:read payroll:read`     |

After the OAuth callback, Rupi stores the access token internally and uses it to refresh payroll data. Access tokens are never exposed through the Rupi API.

