
Authentication

Crawbl supports two authentication methods: mobile sessions and API tokens. All requests are validated at the edge before reaching the backend.

Mobile Sessions

The primary path for the Crawbl mobile app. The client authenticates using an identity provider token, and the edge layer validates the request before forwarding trusted identity to the backend.

API Tokens

Standard bearer token authentication for backend tools, scripts, and non-mobile clients. The edge layer validates the token against the identity provider before forwarding to the backend.

OAuth Integrations

OAuth Integration Flow

Crawbl uses an industry-standard OAuth flow with PKCE for third-party integrations. Connected accounts are managed server-side: agents access external APIs on your behalf without handling raw provider credentials directly.

Planned integrations include: Slack, Gmail, Google Calendar, Jira, Asana, Notion, Zoom, and GitHub.

Internal Service Communication

All internal service-to-service communication is authenticated and audited. Unauthenticated traffic never reaches the backend in production.