API Keys
API keys are designed for machine-to-machine communications, automation scripts, and server-side utilities. They grant direct access to resources without requiring user interaction or browser login flows.
How to Use
Include your API key as a Bearer token in the Authorization header of your HTTP requests.
GET https://accounts.elixpo.com/api/auth/me Authorization: Bearer elx_live_9b7bf7c2866eee9d3e488297
Scopes Reference
When generating a key in the Developer Portal, you must select the granular permissions (scopes) it is allowed to execute:
| Scope Name | Permissions Granted |
|---|---|
users:read | Allows querying and searching user profiles and status. |
users:write | Allows creating users, editing roles, or suspending/deactivating users. |
apps:read | Allows reading developer OAuth client registrations. |
apps:write | Allows registering, modifying, or deleting OAuth clients. |
webhooks:read / write | Allows managing webhook subscriptions and reading logs. |
admin:read / write | Grants access to admin panels, audit logs, and general settings. |
Security Guidelines
API keys prefix with elx_live_. Never check API keys into version control (git). If a key is accidentally exposed, revoke it immediately from the Developer Dashboard to prevent unauthorized access.