Authentication
The Kordon API uses Bearer token authentication to secure all requests. Every API call must include a valid authentication key in the Authorization header.
API Key Types
Personal Keys
Personal keys inherit the same permissions and access level as the user who created them.
Use cases:
- Personal automation scripts
- Development and testing
- Individual user workflows
Characteristics:
- Same role and permissions as the creating user
- Revoked when user is deactivated
BOT Keys
BOT Keys have permissions based on a specific role assignment, independent of the individual user.
Use cases:
- Production integrations
- System-to-system communications
- Shared organizational workflows
Characteristics:
- Role-based permissions
- Independent of individual user accounts
Generating API Keys
- Log into your Kordon account
- Navigate to Settings → API Keys
- Click Generate New Key
- Select key type and configure permissions
- Copy and securely store the key
Using API Keys
Include your key in the Authorization header of every request:

    Authorization: Bearer YOUR_KEY_HERE

Example Request

    curl --location --request GET \
      --url "https://YOUR_KORDON_DOMAIN/api/v1/users" \
      --header "Authorization: Bearer YOUR_KEY_HERE"

Authentication Errors
401 Unauthorized

    {
      "error": {
        "code": "unauthorized",
        "message": "Invalid or missing authentication key",
        "status": 401
      }
    }

Common causes:
- Missing Authorization header
- Invalid API key format
- Revoked API key
403 Forbidden

    {
      "error": {
        "code": "forbidden",
        "message": "Insufficient permissions for this resource",
        "status": 403
      }
    }

Common causes:
- Valid API key but insufficient permissions
- Resource access restrictions
- Role-based access limitations
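
A client-side sketch of the scheme above, added here as an example and not Kordon's own code: it sends the key as a Bearer token over HTTPS only and separates a rejected key (401) from a valid key with insufficient role permissions (403) using the documented error envelope. The function and class names and the `KORDON_API_KEY` environment variable are assumptions.

```python
# Added example: names below and KORDON_API_KEY are assumptions, not Kordon's.
import json
import os
import urllib.error
import urllib.request


class KordonAuthError(Exception):
    """The documented 401/403 error envelope."""
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.message = status, code, message
        # 401: the key itself was rejected (missing, malformed, revoked).
        # 403: the key is valid but its role lacks access to the resource.
        self.key_rejected = status == 401


def build_request(domain, path, key):
    """Build a GET request carrying the key as a Bearer token."""
    if not key or any(c.isspace() for c in key):
        raise ValueError("API key is empty or contains whitespace")
    # Always https:// so the key is never sent in cleartext.
    return urllib.request.Request(
        f"https://{domain}{path}",
        headers={"Authorization": f"Bearer {key}"},
        method="GET",
    )


def parse_auth_error(status, body):
    """Return a KordonAuthError for a 401/403 response, else None."""
    if status not in (401, 403):
        return None
    try:
        err = json.loads(body)["error"]
        return KordonAuthError(status, err["code"], err["message"])
    except (ValueError, KeyError, TypeError):
        # A proxy or gateway may answer 401/403 without the JSON envelope.
        return KordonAuthError(status, "unknown", "unexpected error body")


def get(domain, path, key=None):
    """GET a resource; the key defaults to the KORDON_API_KEY env var."""
    key = key or os.environ.get("KORDON_API_KEY", "")
    try:
        with urllib.request.urlopen(build_request(domain, path, key)) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        raise (parse_auth_error(exc.code, exc.read()) or exc) from None
```

A caller can branch on `key_rejected`: when it is true the key needs checking or replacing, and when it is false the fix is a role or permission change rather than a new key.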