Authentication
API Token
Use API tokens for management operations from your backend.
Create a token: Dashboard → Account → API Keys → Create Key
Use in requests:
Authorization: Bearer cf_api_live_abc123...
Example requests
- cURL
- JavaScript
- PHP
curl https://api.consentforge.com/api/v1/properties \
-H "Authorization: Bearer cf_api_live_YOUR_TOKEN"
const res = await fetch('https://api.consentforge.com/api/v1/properties', {
headers: {
'Authorization': `Bearer ${process.env.CONSENTFORGE_API_KEY}`,
'Content-Type': 'application/json',
}
});
const data = await res.json();
$response = Http::withToken(env('CONSENTFORGE_API_KEY'))
->get('https://api.consentforge.com/api/v1/properties');
Embed Token
The embed token is your property's public identifier. It's used in the <script> tag and is safe to expose publicly — it only allows read-only runtime operations.
<script
src="https://cdn.consentforge.com/consentforge.min.js"
data-token="cf_live_PUBLIC_TOKEN"
></script>
Token scopes
When creating an API key, select the minimum scopes needed:
| Scope | Access |
|---|---|
properties:read | List and view properties |
properties:write | Create and update properties |
policies:read | View policies |
policies:write | Create, publish, rollback policies |
receipts:read | View consent receipts |
receipts:export | Export receipts |
webhooks:read | View webhook config |
webhooks:write | Create and update webhooks |
users:read | List users |
users:write | Invite and manage users |
admin | Full access (use sparingly) |