Authentication
All API requests (except GET /health) require authentication via an API key. Keys are created in the dashboard and follow the format ia_sk_ followed by 48 hex characters.
Authorization Header
Pass your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer ia_sk_your_key_hereExample
cURL
curl https://indigiarmor.com/v1/scan \
-H "Authorization: Bearer ia_sk_abc123def456..." \
-H "Content-Type: application/json" \
-d '{"prompt": "Hello world"}'JavaScript
const res = await fetch('https://indigiarmor.com/v1/scan', {
method: 'POST',
headers: {
'Authorization': 'Bearer ia_sk_abc123def456...',
'Content-Type': 'application/json',
},
body: JSON.stringify({ prompt: 'Hello world' }),
});Key Security
Keys are hashed with SHA-256 on our servers. We never store the raw key.
The raw key is shown only once at creation time. Store it securely.
Revoke compromised keys immediately from the dashboard.
Never commit API keys to source control or expose them in client-side code.
Error Responses
Invalid or missing keys return a 401 status:
401 Response
{
"error": {
"code": "AUTHENTICATION_ERROR",
"message": "Invalid or missing API key",
"request_id": "req_abc123"
}
}