How the Platinum API Authentication Works
Source: workshop-api-gateway/index.js
- Requires THREE credentials: company_id (in the body or query string) + Authorization header (API key) + ws_api_secret header
- Company IDs are masked/unmasked using a per-company masking salt
- ALL authentication failures return generic "Invalid API Credentials" — no hint which part is wrong
- Consumers must use masked company IDs (received in API responses) — raw UUIDs won't work
Support scenarios
- "API returns Invalid Credentials" → could be any of 5 different causes; the response gives no way to tell which
- "Company ID isn't working" → consumer is using raw UUID instead of masked ID
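Because every failure returns the same generic message, a pre-flight check on the consumer side can rule out the problems that are visible in the request itself before the call is made. This is an added example, not code from workshop-api-gateway: the request shape `{ url, headers, body }`, the function names and the sample values are assumptions, and it only checks that the three credentials are present and that company_id is not shaped like a raw UUID.

```javascript
// Added example: pre-flight check for a Platinum API request (consumer side).
// The request shape { url, headers, body } and all names are assumptions.
const RAW_UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// HTTP header names are case-insensitive, so match them in lowercase.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? '' : String(headers[key] ?? '').trim();
}

// company_id may be sent in the body or in the query string.
function getCompanyId(req) {
  const fromBody = req.body && req.body.company_id;
  if (fromBody !== undefined && fromBody !== null && fromBody !== '') {
    return String(fromBody).trim();
  }
  // Placeholder base so relative URLs parse; it is never contacted.
  const query = new URL(req.url, 'https://placeholder.invalid').searchParams;
  return (query.get('company_id') || '').trim();
}

// Returns the problems that can be seen without calling the API.
// An empty list does not prove the credentials are valid: it only means
// all three are present and company_id is not a raw UUID.
function preflight(req) {
  const problems = [];
  const companyId = getCompanyId(req);
  if (!companyId) {
    problems.push('company_id missing from body and query string');
  } else if (RAW_UUID.test(companyId)) {
    problems.push('company_id is a raw UUID; use the masked ID from an API response');
  }
  if (!getHeader(req.headers, 'authorization')) {
    problems.push('Authorization header (API key) missing');
  }
  if (!getHeader(req.headers, 'ws_api_secret')) {
    problems.push('ws_api_secret header missing');
  }
  return problems;
}

// Constructed sample request: placeholder path, made-up UUID and key.
const sample = {
  url: '/example?company_id=3f2b8c1e-9a4d-4c7b-8e21-5d6f7a8b9c0d',
  headers: { Authorization: 'constructed-api-key' },
  body: {},
};
console.log(preflight(sample));
```
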