Authentication
All customer API requests require a valid API key from your iplyt dashboard.
Create a key
- Sign in and open API keys.
- Create a key with a descriptive name.
- Copy the full key immediately — it is shown only once.
Keys are stored as a one-way hash. If you lose a key, revoke it and create a new one.
Send the key
Use either header format:
Bearer token (recommended)
curl -H "Authorization: Bearer YOUR_API_KEY" \
"https://YOUR_PLATFORM_HOST/api/v1/lookup?ip=8.8.8.8"
X-API-Key header
curl -H "X-API-Key: YOUR_API_KEY" \
"https://YOUR_PLATFORM_HOST/api/v1/lookup?ip=8.8.8.8"
Key states
| State | API access |
|---|---|
| Active | Allowed |
| Disabled | Rejected (401) |
| Revoked | Rejected (401) |
| Expired | Rejected (401) |
Disable a key temporarily from the dashboard without deleting it. Revoke a key permanently when rotating credentials.
Authentication errors
When authentication fails, the API returns 401 with a JSON body:
{
"error": "API key required"
}
Other messages include Invalid or revoked API key, API key disabled, and API key expired.
Security practices
- Never commit keys to source control or expose them in client-side code.
- Use separate keys per environment (production, staging, development).
- Set an expiry date for short-lived integrations.
- Rotate keys regularly — see Security.
Related
- API keys — manage keys in the dashboard
- Lookup endpoints — authenticated lookup requests
