API Authentication
Securely authenticate your API requests to Fortifiers using standard Bearer token authentication.
API Keys
The Fortifiers API uses API keys for authentication. All API requests must include your API key in the Authorization header.
Security
Requests must be made over HTTPS. Plain HTTP requests will be rejected to ensure the security of your API credentials.
Permissions
API keys are scoped to specific permissions. Ensure your key has the necessary scopes for the endpoints you are accessing.
Making Authenticated Requests
Include your API key in the Authorization header of all requests.
curl https://api.fortifiers.com/v1/documents \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json"
Obtaining an API Key
- 1
Log in to your Fortifiers dashboard
- 2
Navigate to Settings → API
- 3
Click "Generate New API Key"
- 4
Copy and securely store your API key immediately.
Important Security Warning
Your API key will only be displayed once. Store it securely and never commit it to version control (e.g., git).
Authentication Errors
| Status Code | Error | Description |
|---|---|---|
| 401 | Unauthorized | Missing or invalid API key |
| 403 | Forbidden | API key doesn't have required permissions |
| 429 | Rate Limit Exceeded | Too many requests, try again later |
Rate Limiting
Response Headers
X-RateLimit-LimitTotal requests allowedX-RateLimit-RemainingRequests remainingX-RateLimit-ResetReset timestamp
Best Practices
- Store API keys in environment variables
- Use different keys for dev/prod
- Rotate keys periodically (90 days)
- Revoke compromised keys immediately
- Always use HTTPS