
API Authentication: Keys and Tokens

How CaliforniaCourtIntel API authentication works, how to rotate keys securely, and what to do if a key is compromised.

Updated April 10, 2026 | API & Integrations

CaliforniaCourtIntel uses API key authentication via the standard HTTP Authorization header with the Bearer scheme. There is no OAuth flow for server-to-server requests — simply include your API key on every request.

Authorization header format. Every authenticated request must include the following header: Authorization: Bearer cci_live_xxxxxxxxxxxxxxxxxxxx. The key prefix cci_live_ identifies it as a production key. Test keys (not yet available) will use the prefix cci_test_.

Generating keys. You can generate multiple keys — for example, one per application or per deployment environment. Go to Settings, then API Keys, and click Generate New Key for each key you need. Assign a descriptive name and optionally restrict the key to specific IP addresses for additional security.

Storing keys securely. Never embed an API key directly in client-side code, mobile app binaries, or public Git repositories. Use environment variables, secret managers (AWS Secrets Manager, HashiCorp Vault, Vercel Environment Variables, etc.), or CI/CD secret storage. If a key is exposed, rotate it immediately (see below).

Rotating a key. To rotate a key without downtime: (1) Generate a new key. (2) Update your application to use the new key. (3) Verify your application is working. (4) Revoke the old key by clicking the trash icon next to it in Settings, then API Keys. Revocation is immediate — any request using the old key will return a 401 Unauthorized response.

Handling authentication errors. A 401 Unauthorized response means the key is missing, malformed, or revoked. A 403 Forbidden response means the key is valid but your plan does not include the requested endpoint. Check the error.code field in the response body for a machine-readable error identifier.
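
An added example (not CaliforniaCourtIntel's own code) of the storage and error-handling guidance above: it reads the key from the environment, builds the Bearer header, produces a log-safe form of the key, and maps 401/403 responses to an action. The CCI_API_KEY variable name, the JSON body shape {"error": {"code": ...}}, the sample key, and the key_revoked value are assumptions constructed for illustration.

```python
import json
import os

KEY_PREFIXES = ("cci_live_", "cci_test_")  # prefixes named on this page


def load_api_key(env=os.environ, var="CCI_API_KEY"):
    """Read the key from the environment; the variable name is an assumption."""
    key = env.get(var, "").strip()
    if not key.startswith(KEY_PREFIXES) or key in KEY_PREFIXES:
        raise ValueError(f"{var} is unset or does not look like a CCI key")
    return key


def redact(key):
    """Log-safe form: the prefix plus the last 4 characters of the secret part."""
    prefix = next(p for p in KEY_PREFIXES if key.startswith(p))
    return f"{prefix}...{key[len(prefix):][-4:]}"


def auth_headers(key):
    """Bearer-scheme header sent on every request."""
    return {"Authorization": f"Bearer {key}"}


def classify_auth_failure(status, body):
    """Map a response to (action, error.code) using the 401/403 rules above."""
    try:
        # Assumed body shape: {"error": {"code": "..."}}
        code = json.loads(body).get("error", {}).get("code")
    except (ValueError, TypeError, AttributeError):
        code = None  # body missing or not the expected JSON object
    actions = {401: "check_key",    # key missing, malformed, or revoked
               403: "check_plan"}   # key valid, endpoint not in the plan
    return actions.get(status, "not_auth_error"), code


if __name__ == "__main__":
    # Constructed sample key and response body, not real values.
    key = load_api_key({"CCI_API_KEY": "cci_live_CONSTRUCTEDSAMPLE1234"})
    print("using key", redact(key))
    print(classify_auth_failure(401, '{"error": {"code": "key_revoked"}}'))
```

Logging the redacted form makes it possible to tell, after a rotation, which deployment is still sending the revoked key.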

If you suspect a key has been compromised, revoke it immediately from the API Keys settings page and generate a replacement. Contact security@californiacourtintel.com if you believe unauthorized access has occurred.