Direct API vs Managed API
Applies to: All backend integrations
Decision type: Integration model
Last updated: March 8, 2026
Crittora supports two backend integration models. Choose the Direct API if you want token-based server-to-server control. Choose the Managed API if you want Crittora to handle the Cognito exchange for each request.
Compare the models
| Mode | Base URL | Auth model | Best for |
|---|---|---|---|
| Direct API | https://api.crittoraapis.com | Bearer token auth after Cognito login | Teams that want explicit control over token lifecycle and SDK configuration |
| Managed API | https://managed.crittoraapis.com/v1 | username, password, api_key, access_key, secret_key on each request | Teams that want a simpler hosted integration path |
When to choose Direct API
- Your backend already manages session and token lifecycles.
- You want to use a direct runtime SDK such as @crittora/sdk-js or crittora-sdk-python.
- You want explicit timeout, retry, and auth-provider control in code.
When to choose Managed API
- You want the fastest hosted path to production.
- You are comfortable sending request-time credentials from a trusted backend.
- You want the endpoint docs to match your exact request shape out of the box.
Request shapes
Direct API
Token-based requests from your backend with JS, Python, or raw HTTP
Managed API
Hosted Cognito interaction handled by Crittora