Authentication
Authentication
Section titled “Authentication”All API requests require an API key. Your key is provided by your administrator when your account is set up.
API Key Format
Section titled “API Key Format”API keys are provided by your administrator and look like this:
ila_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxSending Your API Key
Section titled “Sending Your API Key”You can authenticate using either of these methods:
Option 1: Authorization Header (recommended)
Section titled “Option 1: Authorization Header (recommended)”Authorization: Bearer ila_your_api_key_hereOption 2: X-API-Key Header
Section titled “Option 2: X-API-Key Header”X-API-Key: ila_your_api_key_hereBoth methods are equivalent. Use whichever fits your HTTP client best.
Example Request
Section titled “Example Request”curl -X POST https://your-base-url/api/your-product-slug \ -H "Authorization: Bearer ila_your_api_key_here" \ -H "Content-Type: application/json" \ -d '{ "inputs": { "field1": "value1" } }'Security Best Practices
Section titled “Security Best Practices”- Server-side only — Always make API calls from your backend server, not from a browser or mobile app
- Environment variables — Store keys in environment variables, not hardcoded in source code
- Least privilege — Your key is scoped to specific products; use separate keys for separate integrations if needed
- Rotate when compromised — Contact your administrator immediately if a key is exposed
Rate Limit Headers
Section titled “Rate Limit Headers”Every response includes headers showing your current usage:
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests allowed per minute |
X-RateLimit-Remaining | Requests remaining this minute |
X-RateLimit-Daily-Limit | Maximum requests allowed per day |
X-RateLimit-Daily-Remaining | Requests remaining today |
Monitor these headers to stay within your limits. See Rate Limits for more details.
Authentication Errors
Section titled “Authentication Errors”Missing API Key — 401
Section titled “Missing API Key — 401”{ "error": "No API key provided"}Include your key in the Authorization or X-API-Key header.
Invalid or Inactive Key — 401
Section titled “Invalid or Inactive Key — 401”{ "error": "Invalid or inactive API key"}Verify the key is correct and hasn’t been disabled or expired. Contact your administrator if needed.
Unauthorized Product — 403
Section titled “Unauthorized Product — 403”{ "error": "Your API key does not have access to this product"}Your key is not authorized for the product slug you’re calling. Confirm the correct slug with your administrator.
Need Help?
Section titled “Need Help?”Contact your administrator to:
- Request a new or replacement API key
- Check key status or expiration
- Adjust rate limits or IP restrictions