🔐 Authentication
Authentication with API keys
All Company.info APIs are secured using API keys. An API key is a unique token issued to each customer, used to authenticate requests to the API Hub.
How it works
To authenticate a request, include your API key in the X-API-Key header of each HTTP request. The server will validate the key before processing the request.
X-API-Key: Token YOUR_API_KEY
If the API key is invalid or missing, the request will be rejected with an authentication error.
Access Model
The API currently uses X-API-Key only. This means that once a request is successfully authenticated, access to all available endpoints is permitted.
Note: It is your responsibility to use the API key securely, stay within your permitted usage, and comply with the Company.info API Terms of Use.
Rate limiting
To ensure fair and stable use of the platform, rate limits are applied to API usage.
If the rate limit is exceeded, the API responds with a 429 Too Many Requests status.
We recommend implementing appropriate error handling in your integration to manage such responses.
Details on rate limits per API or tier will be documented in future updates.
Policies
Each API key is associated with one or more access policies, which define the APIs and endpoints the key is authorized to use.
Policies are used to scope access based on your subscription, product configuration, or use case. If a request is made outside the scope of the assigned policy, it may be rejected.
How to obtain an API Key
As part of the onboarding process, a designated technical contact is identified. Once onboarding is complete, this contact will receive the API key by email.
If you haven’t received your API key or need additional keys for your team, please contact your Company.info representative or support team.
Using your API Key
To authenticate requests, include your API key in the request header using the X-API-Key header.
curl -X GET 'https://api.company.info/example' \
-H 'accept: application/vnd.api+json' \
-H 'X-API-KEY: xxx'
Replace YOUR_API_KEY with the actual key provided during onboarding.
Error handling
| Error Code | Error | Solution |
|---|---|---|
| 400 | Access to this API has been disallowed | The API key may not have the required access policies or may no longer be valid. Contact support.. |
| 401 | Authorization Field Missing | Ensure the API key is included in the request header using the X-API-Key format. |
Updated 5 days ago