Search Results for

    Show / Hide Table of Contents

    Credentials and Authentication

    Credentials

    Contact iplicit support apisupport@iplicit.com to request credentials that provide access to the API endpoints.

    You will then be provided with three items that make up the credentials needed to use the API:

    • a domain
    • a user account name
    • an API key

    The API Key should be treated as a secret and stored in a secure manner.

    API Keys have an expiration date, after which a new key will need to be requested. Multiple API keys can be associated to a user account to allow for periodic rotation of credentials.

    How to create an API Key

    To create a new API key, the User account must have an API license. This will then generate an API keys tab within the User account.

    • Select New.

    • Enter description and the length of time the key is valid. This can be set to any length of time; although best practice is to rotate them every 90 days. This is not mandatory and any length can be set.

    • Copy the API key code that is created.

      Warning

    Authentication

    API requests must be authenticated using a session token bearer token:

    Authorization: Bearer <session token>


    The session token is obtained by creating a session for a user account using the API Key credentials:

    POST https://api.iplicit.com/api/session/create/api


    Parameters Type Description
    Domain Header The environment domain (e.g.: sandox.demo)
    username,
    userApiKey
    Body The user account credentials to create a session for.
    The credentials are encoded as JSON:
    Content-type: application/json
    {
    "username": "{{user}}",
    "userApiKey": "{{API key}}"
    }

    Example

    POST https://api.iplicit.com/api/session/create/api
    Domain: sandbox.demo
    Content-type: application/json
    
    {
        "username": "api_user_10293",
        "userApiKey": "8Ga3a9JaXebGbAgdbJUAhwXG8a12mfsj3Gfd"
    }
    
    Response:
    200 OK
    {
      "tokenDue":"2022-02-09T11:12:39.64Z",
      "sessionToken":"aj4DdxCJ30/1tz8UpCGGyQ02mCPPqoipAQcTvASNQ+VnfKbVTZUKz8",
      "domain":"sandbox.demo",
      "apiVer":"1.1"
    }
    

    The session token can then be used as a bearer token to authenticate subsequent requests:

    GET https://api.iplicit.com/api/document/SIN100
    Domain: sandbox.demo
    Authorization: Bearer aj4DdxCJ30/1tz8UpCGGyQ02mCPPqoipAQcTvASNQ+VnfKbVTZUKz8
    

    The session token should be reused for all future requests until it's expiry date tokenDue.

    Note
    1. Multiple active session tokens can be created using the same API key. Session tokens are treated on an individual basis and will expire after 30mins, regardless of the other tokens expiry time.

    2. There is a rate limit of 1500 requests per 5 minute window. Any requests above this threshold will be blocked for the remainder of the 5 minute window.



    Updated September 2025

    In this article
    Back to top Generated by DocFX