Skip to content

Handbook

Authentication

All customer API requests require a valid API key from your iplyt dashboard.

Create a key

  1. Sign in and open API keys.
  2. Create a key with a descriptive name.
  3. Copy the full key immediately — it is shown only once.

Keys are stored as a one-way hash. If you lose a key, revoke it and create a new one.

Send the key

Use either header format:

Bearer token (recommended)

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://YOUR_PLATFORM_HOST/api/v1/lookup?ip=8.8.8.8"

X-API-Key header

curl -H "X-API-Key: YOUR_API_KEY" \
  "https://YOUR_PLATFORM_HOST/api/v1/lookup?ip=8.8.8.8"

Key states

State API access
Active Allowed
Disabled Rejected (401)
Revoked Rejected (401)
Expired Rejected (401)

Disable a key temporarily from the dashboard without deleting it. Revoke a key permanently when rotating credentials.

Authentication errors

When authentication fails, the API returns 401 with a JSON body:

{
  "error": "API key required"
}

Other messages include Invalid or revoked API key, API key disabled, and API key expired.

Security practices

  • Never commit keys to source control or expose them in client-side code.
  • Use separate keys per environment (production, staging, development).
  • Set an expiry date for short-lived integrations.
  • Rotate keys regularly — see Security.

Related