Authentication

To use the CB Insights API, you need to authenticate your requests by obtaining an access token. This document explains how to authenticate and use your credentials with the API.

Obtaining Credentials

Before you can authenticate with the API, you need to obtain your client credentials:

• Client ID and client secret must be obtained directly from CB Insights.
• You can sign up for trial access to the CB Insights API.
• Contact your CB Insights representative to request production API credentials.

Obtaining an Access Token

Authentication with the CB Insights API uses a client credentials flow. You'll need to make a POST request to our authorization endpoint with your client ID and client secret.

Authentication Request

Endpoint: POST https://api.cbinsights.com/v2/authorize

cURL

curl -X POST https://api.cbinsights.com/v2/authorize \
 -H "Content-Type: application/json" \
 -d '{
 "clientId": "your_client_id",
 "clientSecret": "your_client_secret"
 }'

Python

import requests
import json

url = "https://api.cbinsights.com/v2/authorize"
payload = {
 "clientId": "your_client_id",
 "clientSecret": "your_client_secret"
}
headers = {"Content-Type": "application/json"}

response = requests.post(url, headers=headers, data=json.dumps(payload))
token_data = response.json()

token = token_data["token"]
print(f"Authentication successful. Token: {token}")

Authentication Response

Upon successful authentication, you'll receive a response containing your access token:

{
 "token": "your_access_token"
}

Token Lifecycle

• The access token is valid for 24 hours after issuance.
• After expiration, you'll need to request a new token.
• There is no refresh token mechanism - simply make a new authorization request when your token expires.

Using Your Token

Include the token in the Authorization header of all subsequent API requests:

curl -X POST https://api.cbinsights.com/v2/firmographics \
 -H "Authorization: Bearer your_access_token"

Security Best Practices

1. Store credentials securely: Never hardcode your client ID and secret in your application code or commit them to version control.

2. Use environment variables: Store your credentials in environment variables or a secure configuration system.

3. Implement token caching: Cache your token for reuse to avoid unnecessary authentication requests, but ensure you handle expiration appropriately.

4. Limit access: Only share your credentials with authorized team members and systems.

warning

Troubleshooting

If you encounter authentication issues:

• Verify your client ID and secret are correct
• Check if your token has expired
• Ensure you're using the correct format for the Authorization header
• Confirm your account has the necessary permissions to access the requested resources