JSON Web Tokens are at the heart of Manifold’s authentication.

Generating tokens

Our services can be scoped to either an external platform's users or native Manifold users. Tokens are globally unique. In all cases Manifold handles authentication and authorization.

The process of generating tokens differs based on the source of the user. We provide tools such as manifoldco/mamba which allow platforms to generate their own user tokens server-side using a private key and our Partners API.

Web Components

The Web Components handle calling our endpoints directly. Authentication is as simple as setting:

localStorage.setItem('manifold_api_token', [token]);

Once that value is set in localStorage with a user-scoped token, our web components take care of the rest. The user will only be able to manage/view resources and credentials to which they have been authorized.


Similarly, authorization headers can be provided with most GraphQL clients such as Apollo. Setting an authorization header as the following along with any query will similarly get scoped access:

Bearer [token]