Authentication
The Uzabase Data Feed API uses OAuth 2.0 with the Client Credentials grant and JWT client assertions for authentication.
How It Works
- Your application creates a JWT signed with your RSA private key
- The JWT is sent to the
/tokenendpoint to obtain a short-lived access token - You call API endpoints using
Authorization: Bearer <access_token> - The API returns data based on your authorized scopes
Why JWT Authentication?
- No shared secrets transmitted over the wire
- Authentication is tied to possession of the private key
- Tokens are short-lived and scoped
Scopes
Access is controlled through a scope-based permission model:
| Scope | Description |
|---|---|
company:private:read | Read company firmographic data |
financials:read | Read financial statement data |
financials:export | Export financial data as CSV |
taxonomy:read | Read taxonomy classification data |
country:{code} | Access data for a specific country (ISO 3166-1 alpha-3) |
country:* | Access data for all countries |
speeda-ranking.companies | Read listed Japanese company ranking data |
speeda-ranking.industries | Read industry ranking data |
speeda-ranking.company-pages | Read listed Japanese company page-type ranking data |
Endpoints enforce scope-based filtering — your client must hold the appropriate scopes for the requested data.
Next Steps
- Token Generation — step-by-step guide to creating JWTs and obtaining access tokens