Every Consul API request is authenticated by sending a credential in the Authorization header using the Bearer scheme. Consul determines the credential type from its prefix — there is no separate auth scheme per credential.

curl https://api.onconsul.com/v1/balance \
  -H "Authorization: Bearer $CONSUL_CREDENTIAL"

API key

A long-lived API key issued from the Consul dashboard. Cleartext keys are prefixed with csl_live_…. API keys are scoped at creation time to a set of resource-scoped permissions (e.g. balance:read, payouts:write). Requests that exceed the key’s scope are rejected with 403 forbidden.

You can provision and revoke API keys from the Developers section of the dashboard. The cleartext key is shown exactly once at creation time — Consul stores only an HMAC-SHA256 hash and cannot recover the original value if you lose it.

curl https://api.onconsul.com/v1/balance \
  -H "Authorization: Bearer $CONSUL_API_KEY"
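
The storage model described above (hash-only storage, one-time display, scope enforcement) can be sketched as follows. This is an added example, not Consul's code: the `KeyStore` class, the server-side HMAC key, the length of the random part and the 401 status for unknown keys are all assumptions.

```python
import hashlib
import hmac
import secrets

API_KEY_PREFIX = "csl_live_"  # prefix documented on this page
# Assumption: the HMAC is keyed with a server-side secret kept outside the
# key table. The page states only that an HMAC-SHA256 hash is stored.
HMAC_KEY = secrets.token_bytes(32)


def key_digest(cleartext: str) -> str:
    """HMAC-SHA256 of the cleartext key; the only form that is persisted."""
    return hmac.new(HMAC_KEY, cleartext.encode(), hashlib.sha256).hexdigest()


class KeyStore:
    """Hypothetical in-memory key table: digest -> granted scopes."""

    def __init__(self):
        self._records = {}

    def issue(self, scopes) -> str:
        # Random part length is an assumption; the page does not specify it.
        cleartext = API_KEY_PREFIX + secrets.token_urlsafe(32)
        self._records[key_digest(cleartext)] = frozenset(scopes)
        return cleartext  # returned once to the caller, never stored

    def revoke(self, cleartext: str) -> None:
        self._records.pop(key_digest(cleartext), None)

    def authorize(self, authorization: str, required_scope: str) -> int:
        """Return an HTTP status for one request."""
        scheme, _, credential = authorization.partition(" ")
        if scheme != "Bearer" or not credential.startswith(API_KEY_PREFIX):
            return 401  # this sketch validates API keys only
        candidate = key_digest(credential)
        for stored, scopes in self._records.items():
            if hmac.compare_digest(stored, candidate):  # constant-time match
                # Out-of-scope requests get 403, as the page describes.
                return 200 if required_scope in scopes else 403
        return 401  # unknown or revoked key (status is an assumption)


if __name__ == "__main__":
    store = KeyStore()
    key = store.issue({"balance:read"})
    print(store.authorize(f"Bearer {key}", "balance:read"))   # in scope
    print(store.authorize(f"Bearer {key}", "payouts:write"))  # out of scope
```

Because only the digest is persisted, a leaked key table does not yield usable credentials, and a lost key can only be replaced, which matches the one-time display described above.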

OAuth access token

For third-party apps acting on behalf of a Consul user, authenticate with a token obtained through the WorkOS Connect authorization code flow at auth.onconsul.com.

curl https://api.onconsul.com/v1/balance \
  -H "Authorization: Bearer $OAUTH_ACCESS_TOKEN"

OAuth tokens carry the same kind of resource-scoped permissions as API keys — but the user picks them on the consent screen rather than the developer picking them at key-creation time. See the OAuth Connections guide for the full flow, including obtaining and refreshing access tokens.