API Authentication
Learn how to authenticate your requests to the IriSync API
Overview
The IriSync API uses OAuth 2.0 and API keys for authentication. All API requests must include authentication credentials in the request headers. Unauthenticated requests will be rejected with a 401 Unauthorized response.
There are two authentication methods available:
- API Keys
Simple method for server-to-server communication where you control both the client and server
- OAuth 2.0
Recommended for third-party applications acting on behalf of IriSync users
API Key Authentication
API keys provide a simple way to authenticate with the IriSync API. Each API key is associated with your IriSync account and has specific permissions.
Obtaining an API Key
To get an API key:
1. Log in to your IriSync account
2. Go to Settings > API Keys
3. Click "Create New API Key"
4. Name your key and select the appropriate permissions
5. Copy your API key (it will only be shown once)
Using Your API Key
Include your API key in the Authorization header of your requests as a Bearer token:
Authorization: Bearer YOUR_API_KEY
Example Request
curl -X GET "https://api.irisync.com/api/users/me" \
  -H "Authorization: Bearer YOUR_API_KEY"
OAuth 2.0 Authentication
OAuth 2.0 is the recommended authentication method for third-party applications that need to access IriSync on behalf of users without storing their credentials.
Setting Up OAuth
To use OAuth with IriSync:
1. Register your application in the IriSync Developer Portal
2. Obtain your Client ID and Client Secret
3. Configure your redirect URIs
OAuth 2.0 Flow
Example implementation of the OAuth 2.0 flow:
// 1. Redirect user to authorization URL (runs in the browser)
window.location.href = 'https://api.irisync.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=read,write';
// 2. After user authorizes, handle the callback.
// Run this exchange on your server: it sends the client secret,
// which must never be shipped in browser code.
const handleCallback = async (code) => {
  const response = await fetch('https://api.irisync.com/oauth/token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      client_id: 'YOUR_CLIENT_ID',
      client_secret: 'YOUR_CLIENT_SECRET',
      code: code,
      grant_type: 'authorization_code',
      redirect_uri: 'YOUR_REDIRECT_URI'
    })
  });
  // Stop on an error response instead of destructuring an error body
  if (!response.ok) {
    throw new Error(`Token request failed with status ${response.status}`);
  }
  const { access_token, refresh_token, expires_in } = await response.json();
  // Store these tokens securely
};
Available Scopes
Common scopes include:
- read
Read-only access to user data
- write
Create and modify data
- content:read
Access to content only
- content:write
Create and modify content
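The redirect and callback steps of the OAuth 2.0 flow above can be bound together with a per-request `state` value so that a forged callback is rejected before its code reaches the token endpoint. This is an added example, not IriSync's own code: it assumes the authorize endpoint accepts the standard OAuth 2.0 `state` parameter and reports failures with the standard `error` parameter, and `buildAuthorizeUrl` and `verifyCallback` are hypothetical helper names.

```javascript
// Added example, not IriSync code. Helper names are hypothetical.
const nodeCrypto = require('node:crypto');

const AUTHORIZE_URL = 'https://api.irisync.com/oauth/authorize'; // from the page

// Step 1: build the redirect URL with a fresh, unguessable state value.
// Assumption: the endpoint accepts the standard OAuth 2.0 `state` parameter.
function buildAuthorizeUrl(clientId, redirectUri, scopes) {
  const state = nodeCrypto.randomBytes(32).toString('base64url');
  const params = new URLSearchParams({   // URL-encodes every value
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: scopes.join(','),             // the page lists scopes comma-separated
    state,
  });
  return { url: `${AUTHORIZE_URL}?${params}`, state }; // keep state in the user's session
}

// Step 2: validate the callback before exchanging the code for tokens.
// Returns the authorization code, or throws if the callback must be discarded.
function verifyCallback(callbackUrl, registeredRedirectUri, expectedState) {
  const url = new URL(callbackUrl);
  const registered = new URL(registeredRedirectUri);
  if (url.origin !== registered.origin || url.pathname !== registered.pathname) {
    throw new Error('callback did not arrive at the registered redirect URI');
  }
  // Assumption: denials use the standard OAuth 2.0 `error` parameter.
  if (url.searchParams.has('error')) {
    throw new Error(`authorization failed: ${url.searchParams.get('error')}`);
  }
  const got = Buffer.from(url.searchParams.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: discard the code');
  }
  const code = url.searchParams.get('code');
  if (!code) throw new Error('callback has no authorization code');
  return code;
}
```

Request only the scopes the integration needs, for example `['content:read']` instead of `['read', 'write']`.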
Next Steps
Now that you understand authentication, check out these resources: