Get Started
Authentication
AeonPass authenticates all API requests using API keys. Every call must include your key in the X-API-KEY header.
How it works
API keys are tied to your organization and grant access to all endpoints within that organization's scope. There is no session, no token rotation, and no expiry to manage — the key is valid until you revoke it from the developer portal.
Don't have a key yet? Generate one in API Key Setup.
Sending your API key
Include the X-API-KEY header on every request. The value is your raw API key — no encoding or prefix required.
curl https://apv2-gatewayapp-prod-westus3.azurewebsites.net/api/techaeon/public \
--request POST \
--header 'X-API-KEY: <your-api-key>' \
--header 'Content-Type: application/json' \
--data '{ "organizationId": "<your-organization-id>" }'Keeping your key secure
Never commit keys to source control
Store them in environment variables or a secrets manager. Add .env* to .gitignore.
Use server-side requests only
API keys grant organization-level access. Never expose them in browser JavaScript or mobile app bundles.
Rotate keys if compromised
Revoke the affected key immediately from the developer portal and generate a new one. Update your environment variables before re-deploying.
One key per environment
Use separate keys for development, staging, and production so a leaked dev key cannot affect production data.
Error reference
| Status | Code | Meaning |
|---|---|---|
| 401 | UNAUTHORIZED | X-API-KEY header is missing or the key is invalid |
| 403 | FORBIDDEN | Key is valid but does not have access to this resource |
| 429 | RATE_LIMITED | Too many requests — back off and retry after the indicated delay |
Ready to get your API key?
Follow the step-by-step guide to generate a key from your AeonPass organization and wire it into your environment.
Generate an API key