Credentials and Authentication

Credentials

Contact iplicit support apisupport@iplicit.com to request credentials that provide access to the API endpoints.

You will then be provided with three items that make up the credentials needed to use the API:

  • a domain
  • a user account name
  • an API key

The API Key should be treated as a secret and stored in a secure manner.

API Keys have an expiration date, after which a new key will need to be requested. Multiple API keys can be associated to a user account to allow for periodic rotation of credentials.

How to create an API Key

To create a new API key, the User account must have an API license. This will then generate an API keys tab within the User account.

  • Select New.

  • Enter description and the length of time the key is valid. This can be set to any length of time; although best practice is to rotate them every 90 days. This is not mandatory and any length can be set.

  • Copy the API key code that is created.

    Warning

Authentication

API requests must be authenticated using a session token bearer token:

Authorization: Bearer <session token>


The session token is obtained by creating a session for a user account using the API Key credentials:

POST https://api.iplicit.com/api/session/create/api


Parameters Type Description
Domain Header The environment domain (e.g.: sandox.demo)
username,
userApiKey		 Body The user account credentials to create a session for.
The credentials are encoded as JSON:
Content-type: application/json 
{
  "username": "{{user}}",
  "userApiKey": "{{API key}}"
}

Example

POST https://api.iplicit.com/api/session/create/api
Domain: sandbox.demo
Content-type: application/json

{
    "username": "api_user_10293",
    "userApiKey": "8Ga3a9JaXebGbAgdbJUAhwXG8a12mfsj3Gfd"
}
Response:
200 OK
{
  "tokenDue":"2022-02-09T11:12:39.64Z",
  "sessionToken":"aj4DdxCJ30/1tz8UpCGGyQ02mCPPqoipAQcTvASNQ+VnfKbVTZUKz8",
  "domain":"sandbox.demo",
  "apiVer":"1.1"
}

The session token can then be used as a bearer token to authenticate subsequent requests:

GET https://api.iplicit.com/api/document/SIN100
Domain: sandbox.demo
Authorization: Bearer aj4DdxCJ30/1tz8UpCGGyQ02mCPPqoipAQcTvASNQ+VnfKbVTZUKz8

The session token should be reused for all future requests until it's expiry date tokenDue.

Note

  1. Multiple active session tokens can be created using the same API key. Session tokens are treated on an individual basis and will expire after 30mins, regardless of the other tokens expiry time.

  2. There is a rate limit of 1500 requests per 5 minute window. Any requests above this threshold will be blocked for the remainder of the 5 minute window.


Updated September 2025