Authentication

All API requests require a bearer token in the Authorization header.

Last updated: April 2026

Header format

HTTP
Authorization: Bearer <YOUR_API_KEY>

Every request — upload, results, webhook registration — must include this header. Requests without it return 401 UNAUTHORIZED.

Where to get your key

API keys are issued from the AIdaptIQ dashboard under Settings → API keys. Each key is scoped to one organisation.

Key management best practices

  • Store keys server-side only

    Never embed an API key in browser JavaScript, mobile app binaries, or client-side code. Use environment variables or a secrets manager.

  • Use separate keys per environment

    Create distinct keys for dev, staging, and production. Revoke dev keys before they reach production.

  • Rotate on exposure

    If a key is ever committed to source control or logged, revoke it immediately from the dashboard and issue a new one.

  • Rotate periodically

    Even without an exposure event, rotate production keys at least every 90 days.

API keys have full account access. Treat them with the same care as passwords.

Example — setting key via environment

shell
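export N7_API_KEY=your_key_here

TypeScript
const apiKey = process.env.N7_API_KEY; // read from the environment, never hard-coded
if (!apiKey) throw new Error("N7_API_KEY is not set"); // otherwise the header is "Bearer undefined"
fetch(url, { headers: { Authorization: `Bearer ${apiKey}` } });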
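
The same pattern as an added example, not AIdaptIQ's own code: it fails closed when N7_API_KEY is missing or still the placeholder, masks bearer tokens before they reach a log line, and surfaces the documented 401. The function names and the injected doFetch parameter are assumptions made for illustration.

```typescript
// Added example. Only N7_API_KEY, the Bearer header and 401 UNAUTHORIZED come from the page;
// every function and type name below is hypothetical.
type Env = Record<string, string | undefined>;
type FetchLike = (
  url: string,
  init: { headers: Record<string, string> }
) => Promise<{ status: number }>;

const PLACEHOLDER = "your_key_here"; // sample value from the export line above

// Read the key from the environment and fail closed instead of sending a bad header.
function loadApiKey(env: Env): string {
  const key = env.N7_API_KEY;
  if (!key || key === PLACEHOLDER) {
    throw new Error("N7_API_KEY is not set to a real key");
  }
  // Whitespace or control characters point to a copy/paste or templating mistake
  // and have no place in a header value.
  if (/[\s\x00-\x1f\x7f]/.test(key)) {
    throw new Error("N7_API_KEY contains whitespace or control characters");
  }
  return key;
}

function authHeaders(env: Env): Record<string, string> {
  return { Authorization: `Bearer ${loadApiKey(env)}` };
}

// Mask bearer tokens before a string (headers dump, error text) is logged.
function redactSecrets(text: string): string {
  return text.replace(/Bearer\s+[^\s"',]+/gi, "Bearer [REDACTED]");
}

// Wraps any fetch-compatible function; pass the global fetch and process.env in real use.
async function authorizedFetch(url: string, env: Env, doFetch: FetchLike): Promise<{ status: number }> {
  const res = await doFetch(url, { headers: authHeaders(env) });
  if (res.status === 401) {
    // The error names the variable to check and never contains the key itself.
    throw new Error(`401 UNAUTHORIZED for ${url}: check N7_API_KEY`);
  }
  return res;
}
```

Routing every outbound call through one wrapper like this keeps the key out of call sites and gives a single place to apply the redaction before logging.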