Authentication
All Partner API endpoints require authentication using your admin key.
Admin Key Format
Admin keys follow the format:
iiak_admin_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
└────┬─────┘└──────────────────┬──────────────────┘
prefix 40 hex characters- Prefix:
iiak_admin_(11 characters) - Random part: 40 hexadecimal characters
- Total length: 51 characters
Using Your Admin Key
Include your admin key in the Authorization header using the Bearer scheme:
http
GET /v1/admin/users HTTP/1.1
Host: api.iagon.io
Authorization: Bearer iiak_admin_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcURL Example
bash
curl -X GET "https://api.iagon.io/v1/admin/users" \
-H "Authorization: Bearer iiak_admin_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"JavaScript Example
javascript
const response = await fetch('https://api.iagon.io/v1/admin/users', {
headers: {
'Authorization': 'Bearer iiak_admin_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
}
});Error Responses
Missing or Invalid Header
json
{
"success": false,
"error": "Missing or invalid admin API key"
}Status: 401 Unauthorized
Invalid Key
json
{
"success": false,
"error": "Invalid admin API key"
}Status: 403 Forbidden
Missing Permission
json
{
"success": false,
"error": "Permission denied: manage_users required"
}Status: 403 Forbidden
Security Best Practices
- Never expose your admin key in client-side code or public repositories
- Use environment variables to store your admin key
- Rotate keys periodically by creating a new key and revoking the old one
- Monitor audit logs for suspicious activity
- Use the minimum permissions needed for your use case
Obtaining an Admin Key
Contact Iagon to receive your admin key. You'll be provided with:
- Your admin key (store securely - it won't be shown again)
- Your entity name (your organization's identifier in the system)
- Your granted permissions