API Authentication

Secure your IronWiFi REST API requests with Bearer token authentication. All API endpoints require a valid API key passed in the Authorization header to authenticate and authorize programmatic access to your IronWiFi account resources.

Generating an API Key

Log into the IronWiFi Console
Navigate to Account > API Keys
Click Generate New Key
Copy the key immediately

warning

The API key is only displayed once upon generation. Store it securely. If lost, generate a new key.

Using the API Key

Include the API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Example with cURL

curl -X GET "https://console.ironwifi.com/api/users" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Example with PHP

<?php
$api_key = "YOUR_API_KEY";

$headers = array(
  "Authorization: Bearer " . $api_key,
  "Content-Type: application/json;charset=utf-8"
);

$curl = curl_init();
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
// ... rest of curl configuration
?>

Example with JavaScript

const apiKey = 'YOUR_API_KEY';

fetch('https://console.ironwifi.com/api/users', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

Example with Python

import requests

api_key = "YOUR_API_KEY"
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

response = requests.get(
    "https://console.ironwifi.com/api/users",
    headers=headers
)

print(response.json())

Required Headers

Header	Value	Required
Authorization	Bearer YOUR_API_KEY	Yes
Content-Type	application/json;charset=utf-8	For POST/PUT

API Key Security

Best Practices

Never expose in client-side code - Only use server-side
Use environment variables - Don't hardcode in source
Rotate regularly - Generate new keys periodically
Limit scope - Use separate keys for different purposes
Monitor usage - Watch for unusual activity

Storing Keys Securely

Environment Variables:

export IRONWIFI_API_KEY="your_key_here"

Configuration Files:

# config.yml (add to .gitignore)
ironwifi:
  api_key: your_key_here

Secret Management:

AWS Secrets Manager
HashiCorp Vault
Azure Key Vault

Managing API Keys

Viewing Active Keys

Navigate to Account > API Keys
View list of active keys (masked)
See creation date and last used

Revoking Keys

Navigate to Account > API Keys
Click Revoke next to the key
Confirm revocation

note

Revoking a key immediately invalidates it. Any systems using that key will stop working.

Key Rotation

Recommended rotation schedule:

Generate new key
Update all systems using the old key
Test functionality
Revoke old key

Troubleshooting

401 Unauthorized

Causes:

Invalid or revoked API key
Missing Authorization header
Wrong header format

Solutions:

Verify key is correct
Check header:
```
Authorization: Bearer KEY
```
Generate new key if needed

403 Forbidden

Causes:

Key doesn't have required permissions
IP restrictions (if configured)

Solutions:

Check key permissions
Verify source IP is allowed

Was this page helpful?

Generating an API Key​

Using the API Key​

Example with cURL​

Example with PHP​

Example with JavaScript​

Example with Python​

Required Headers​

API Key Security​

Best Practices​

Storing Keys Securely​

Managing API Keys​

Viewing Active Keys​

Revoking Keys​

Key Rotation​

Troubleshooting​

401 Unauthorized​

403 Forbidden​

Related Topics​