Enspace
    Enspace
    • Introduction
    • Authentication
    • Concepts
    • First Steps
    • Workspaces
      • Types
        • Fields
          • List Fields
          • Create Field
          • Get Field
          • Field Updated
          • Delete Field
        • Items
          • List Items
          • Create Item
          • Count Items
          • Get Item
          • Update Item
          • Delete item
        • List Types
        • Count Types
        • Get specific Type
        • Create Type
        • Update Type
        • Delete Type
      • Members
        • List Members
        • Count Members
        • Get Member
        • New Member
        • Update Member
        • Remove Member
      • Roles
        • List roles
        • Create role
        • Get specific job title
        • Count positions
        • Update job title
        • Delete role
        • List Role Permissions
        • Add Permission to Role
        • Remove Role Permission
      • Member Groups
        • List groups
        • New group
        • Get group
        • Update group
        • Delete group
        • Add Users
        • Remove Users
      • List Workspaces
        GET
      • Workspace Context
        GET
      • New Workspace
        POST
      • Leave the workspace
        POST
      • Workspace Statistics
        GET
      • Workspace Deletion Preview
        GET
      • Delete Workspace
        DELETE
    • User
      • Audit Logs
        GET
      • List API Keys
        GET

    Authentication

    πŸ” ENSPACE API authentication#

    The API uses token-based authentication through the x-api-key header. This guide details the entire authentication process.

    Authentication Flow#

    πŸ“‹ Mandatory Headers#

    ⚠️ Important: Every request to the ENSPACE API requires the authentication header:

    Workspace Header#

    The en-workspace header is required only on endpoints that operate in the context of a specific workspace:
    When is the en-workspace header required?
    Endpoints that manipulate specific data from a workspace (types, items, members, etc.)
    Endpoints that check member permissions
    Endpoints that access workspace settings
    When is it NOT necessary?
    Authentication and token generation endpoints
    Available workspace listing endpoints
    User profile endpoints
    πŸ’‘ Tip: Each endpoint in the documentation clearly indicates whether the en-workspace header is required or not.

    πŸ”‘ Generating your API Token#

    Prerequisites#

    βœ… Active account on ENSPACE
    βœ… Access to at least one workspace
    βœ… Permissions to generate tokens (check with administrator)

    Step by Step#

    1️⃣ Access ENSPACE#

    1.
    Go to https://be.enspace.io (or your dedicated domain)
    2.
    Log in with your credentials
    3.
    You will be directed to the workspace list

    2️⃣ Access User Settings#

    1.
    In the top right corner, click on the user menu (your avatar/photo)
    2.
    Select "User Settings"

    3️⃣ Navigate to the Dev Tab#

    1.
    In the settings, click on the "Dev" tab
    2.
    Scroll to the "API Tokens" section

    4️⃣ Create New Token#

    1.
    Click "Create your first token" (or "New token")
    2.
    Fill in the fields:
    FieldDescriptionExample
    DescriptionIdentifier name"ERP Integration", "Mobile App"
    ExpirationExpiry date1M, 6M, 1y, never
    ScopesToken Permissionsβ˜‘οΈ read β˜‘οΈ write ☐ delete
    WorkspacesAuthorized workspacesβ˜‘οΈ Workspace A β˜‘οΈ Workspace B
    3.
    Click "Generate Token"

    5️⃣ Save the Token#

    ⚠️ ATTENTION: The token will be displayed ONLY ONCE!
    en.ushcHQHcREdPpe3ZKFCSfAASFE5VawTwTH (example)
    Safety recommendations:
    πŸ”’ Save to a password manager
    πŸ”’ Use environment variables
    ❌ NEVER commit to code
    ❌ NEVER share publicly

    πŸš€ Using the Token#

    Configuration by Environment#

    .env#

    # For Global API
ENSPACE_API_KEY=en.ushcHQHcREdPpe3ZKFCSfAASFE5VawTwTH
ENSPACE_API_URL=https://api.leif.enspace.io
ENSPACE_WORKSPACE_ID=ws-123

# For Dedicated API (example)
# ENSPACE_API_URL=https://acme.api.enspace.io

    Usage Examples#

    JavaScript#

    cURL#

    Python#

    πŸ”„ Multi-Workspace Tokens#

    A single token can access multiple workspaces. Specify which one to use in each request:

    ❌ Common Problems#

    Missing Workspace Header#

    {
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Missing required header: en-workspace"
}
    Solution: Always include en-workspace in all requests.

    Invalid Token#

    {
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
    Solutions:
    Check if the token is correct
    Confirm that it has not expired
    Generate a new token if necessary

    Unauthorized Workspace#

    {
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Token not authorized for this workspace"
}
    Solution: Generate a new token including the required workspace.

    πŸ”’ Good Practices#

    βœ… DO#

    Use specific tokens per environment
    Configure suitable expiration
    Monitor token usage
    Store in a safe place

    ❌ DON’T#

    Expose tokens in code
    Use 'wildcard' tokens with full access
    Ignore expiration
    Share tokens

    πŸ“ž Support#

    Need help?
    πŸ“§ Email: support@be-enlighten.com
    πŸ’¬ Chat: Available on the dashboard
    πŸ“š Docs: https://docs.stage.enspace.io/api/auth
    When contacting support, please provide:
    1.
    First 10 characters of the token
    2.
    Reference of the workspace used
    3.
    Request timestamp with error
    4.
    Full error code
    Previous
    Introduction
    Next
    Concepts
    Built with