Authentication

Use Bearer API keys to authenticate every request. Create and manage keys in Admin → Settings → API Keys.

Bearer API keys

Every request must include an Authorization header with a Bearer token. The token is a long-lived API key that identifies your application and user.

curl -X GET "https://your-org.inventra.io/api/v1/products" \
  -H "Authorization: Bearer inv_live_xxxxxxxxxxxxxxxx"

Without a valid token, the API returns 401 Unauthorized.

Obtaining API keys

Only admins can create and revoke API keys.

  1. Log in to Inventra and go to Admin → Settings → API Keys.
  2. Click Create API Key, give it a name (e.g. "Production sync"), and create.
  3. Copy the token immediately — it is shown only once. Store it securely (e.g. environment variable).

Keep keys secret

API keys grant access to your data. Do not commit them to source control or expose them in client-side code.

Example: JavaScript

const response = await fetch('https://your-org.inventra.io/api/v1/products', {
  headers: {
    'Authorization': `Bearer ${process.env.INVENTRA_API_KEY}`,
    'Content-Type': 'application/json',
  },
});