Authenticating Requests with API Keys

To make successful requests to the Iron API, you must authenticate every request by including a valid API key in the request headers. Authentication ensures that only authorized users can access resources or perform actions within the API. Learn how to generate API Keys here.

Including the API Key

Include your API key in the X-API-Key header of every request. If the API key is missing, incorrect, or revoked, the request will fail.

Example Request

The following example demonstrates how to use your API key with a GET request to fetch a list of customers.

Example using cURL:
curl --request GET \
     --url https://api.sandbox.iron.xyz/api/customers \
     --header 'X-API-Key: YOUR-API-KEY' \
     --header 'accept: application/json; charset=utf-8'
Note:
  • Replace YOUR-API-KEY with the actual API key you generated.
  • The X-API-Key header is required for every request to authenticate your access.

Handling Authentication Errors

If you use an invalid or revoked API key, the server will respond with a 401 Unauthorized error. Here’s an example response:
< HTTP/2 401
< date: Fri, 17 Jan 2025 12:02:30 GMT
< content-type: text/plain; charset=utf-8
< content-length: 19
< strict-transport-security: max-age=15724800; includeSubDomains
<
authorization error

Common Causes of Authentication Errors:

  1. Incorrect API Key: Ensure the key matches the one you generated.
  2. Revoked API Key: Verify that the key has not been revoked.
  3. Missing API Key: Confirm the X-API-Key header is included in your request.

How to Resolve:

  • Double-check the API key and its permissions in your Iron API Dashboard.
  • Generate a new key if necessary and update your requests with the new key.
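
The header and the 401 handling described above, as an added Python example that is not part of the Iron documentation. The IRON_API_KEY environment variable name, the function names and the injectable opener are assumptions made for illustration; the key is read from the environment instead of being hardcoded, and it is kept out of error messages.

```python
import os
import urllib.error
import urllib.request

BASE_URL = "https://api.sandbox.iron.xyz/api"  # sandbox host shown on this page
KEY_ENV_VAR = "IRON_API_KEY"  # assumed variable name, not defined by the Iron docs


class AuthError(Exception):
    """The request could not be authenticated; retrying unchanged will not help."""


def load_api_key(env=None):
    """Read the key from the environment so it never lands in source control."""
    env = os.environ if env is None else env
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise AuthError(f"{KEY_ENV_VAR} is not set: the X-API-Key header would be missing")
    return key


def build_request(path, api_key):
    """Build a GET request carrying the key in the X-API-Key header."""
    return urllib.request.Request(
        BASE_URL + path,
        method="GET",
        headers={"X-API-Key": api_key, "Accept": "application/json; charset=utf-8"},
    )


def fetch(path, api_key, opener=urllib.request.urlopen):
    """Send the request; turn a 401 into AuthError without echoing the key."""
    try:
        with opener(build_request(path, api_key), timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        body = err.read().decode("utf-8", "replace").strip()
        # The key itself is deliberately left out of the message and of any log line.
        raise AuthError(f"401 Unauthorized ({body!r}): key is incorrect or revoked") from None


if __name__ == "__main__":
    try:
        print(fetch("/customers", load_api_key()))
    except AuthError as exc:
        print(f"authentication failed: {exc}")
```

Callers should treat AuthError as non-retryable: the same key will keep returning 401 until it is corrected or replaced.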