🔐 Authentication

Authentication with API keys

All Company.info APIs are secured using API keys. An API key is a unique token issued to each customer, used to authenticate requests to the API Hub.

How it works

To authenticate a request, include your API key in the X-API-Key header of each HTTP request. The server will validate the key before processing the request.

X-API-Key: Token YOUR_API_KEY

If the API key is invalid or missing, the request will be rejected with an authentication error.

Access Model

The API currently uses X-API-Key only. This means that once a request is successfully authenticated, access to all available endpoints is permitted.

Note: It is your responsibility to use the API key securely, stay within your permitted usage, and comply with the Company.info API Terms of Use.

Rate limiting

To ensure fair and stable use of the platform, rate limits are applied to API usage.

If the rate limit is exceeded, the API responds with a 429 Too Many Requests status.
We recommend implementing appropriate error handling in your integration to manage such responses.

Details on rate limits per API or tier will be documented in future updates.


Policies

Each API key is associated with one or more access policies, which define the APIs and endpoints the key is authorized to use.

Policies are used to scope access based on your subscription, product configuration, or use case. If a request is made outside the scope of the assigned policy, it may be rejected.


How to obtain an API Key

As part of the onboarding process, a designated technical contact is identified. Once onboarding is complete, this contact will receive the API key by email.

If you haven’t received your API key or need additional keys for your team, please contact your Company.info representative or support team.


Using your API Key

To authenticate requests, include your API key in the request header using the X-API-Key header.

curl -X GET 'https://api.company.info/example' \
 -H 'accept: application/vnd.api+json' \
 -H 'X-API-KEY: xxx'

Replace YOUR_API_KEY with the actual key provided during onboarding.

Error handling

Error CodeErrorSolution
400Access to this API has been disallowedThe API key may not have the required access policies or may no longer be valid. Contact support..
401Authorization Field MissingEnsure the API key is included in the request header using the X-API-Key format.