The Introw API uses customer API keys. Each key belongs to one Introw organisation and can only access data in that organisation.Documentation Index
Fetch the complete documentation index at: https://developers.introw.io/llms.txt
Use this file to discover all available pages before exploring further.
Create an API key
- In Introw, go to Settings > Developer > API keys.
- Click Create API key.
- Enter a descriptive name, such as
Production data sync. - Select the scopes your integration needs.
- Click Create and copy the API key.
Authenticate a request
Send the API key in thex-api-key header.
Scopes
Scopes limit what an API key can do. Give each key the smallest set of scopes required for the integration.| Scope | Allows |
|---|---|
partners:read | List partners and fetch a single partner. |
partners:write | Create partners and update existing partners. |
403 Forbidden.
Organisation scoping
API keys are tied to the Introw organisation where they are created. You do not need to send an organisation ID in requests. Introw resolves the organisation from the authenticated API key and applies that boundary to every endpoint.Rotate an API key
Rotate API keys on a regular schedule and whenever a key may have been exposed.- Create a new API key with the same scopes.
- Deploy the new key to your integration.
- Verify the integration is using the new key.
- Revoke the old key in Settings > Developer > API keys.
Revoke an API key
Revoke a key when an integration is decommissioned, an owner leaves, or a key is suspected to be compromised. Revoked keys stop authenticating immediately.Troubleshooting
| Symptom | What to check |
|---|---|
401 Unauthorized | The x-api-key header is missing, invalid, expired, or revoked. |
403 Forbidden | The API key is valid but does not include the endpoint’s scope. |
| Requests return the wrong data | Confirm the key was created in the expected Introw organisation. |
| The full key is no longer visible | Create a replacement key and revoke the old one if needed. |