API Authentication
Secure your IronWifi REST API requests with Bearer token authentication. All API endpoints require a valid API key passed in the Authorization header to authenticate and authorize programmatic access to your IronWifi account resources.
Generating an API Key
- Log into the IronWifi Console
- Navigate to Account > API Keys
- Click Generate New Key
- Copy the key immediately
warning
The API key is only displayed once upon generation. Store it securely. If lost, generate a new key.
Using the API Key
Include the API key in the Authorization header:
Authorization: Bearer YOUR_API_KEY
Example with cURL
curl -X GET "https://console.ironwifi.com/api/users" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Example with PHP
<?php
$api_key = "YOUR_API_KEY";
$headers = array(
"Authorization: Bearer " . $api_key,
"Content-Type: application/json;charset=utf-8"
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
// ... rest of curl configuration
?>
Example with JavaScript
const apiKey = 'YOUR_API_KEY';
fetch('https://console.ironwifi.com/api/users', {
method: 'GET',
headers: {
'Authorization': `Bearer ${apiKey}`,
'Content-Type': 'application/json'
}
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Example with Python
import requests
api_key = "YOUR_API_KEY"
headers = {
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
}
response = requests.get(
"https://console.ironwifi.com/api/users",
headers=headers
)
print(response.json())
Required Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer YOUR_API_KEY | Yes |
| Content-Type | application/json;charset=utf-8 | For POST/PUT |
API Key Security
Best Practices
- Never expose in client-side code - Only use server-side
- Use environment variables - Don't hardcode in source
- Rotate regularly - Generate new keys periodically
- Limit scope - Use separate keys for different purposes
- Monitor usage - Watch for unusual activity
Storing Keys Securely
Environment Variables:
export IRONWIFI_API_KEY="your_key_here"
Configuration Files:
# config.yml (add to .gitignore)
ironwifi:
api_key: your_key_here
Secret Management:
- AWS Secrets Manager
- HashiCorp Vault
- Azure Key Vault
Managing API Keys
Viewing Active Keys
- Navigate to Account > API Keys
- View list of active keys (masked)
- See creation date and last used
Revoking Keys
- Navigate to Account > API Keys
- Click Revoke next to the key
- Confirm revocation
note
Revoking a key immediately invalidates it. Any systems using that key will stop working.
Key Rotation
Recommended rotation schedule:
- Generate new key
- Update all systems using the old key
- Test functionality
- Revoke old key
Troubleshooting
401 Unauthorized
Causes:
- Invalid or revoked API key
- Missing Authorization header
- Wrong header format
Solutions:
- Verify key is correct
- Check header:
Authorization: Bearer KEY - Generate new key if needed
403 Forbidden
Causes:
- Key doesn't have required permissions
- IP restrictions (if configured)
Solutions:
- Check key permissions
- Verify source IP is allowed