Authentication

✅ Implemented: API key authentication is now available for MCP and general API access.

Overview

The Introzy API uses long-lived API keys for authentication. These keys provide secure, programmatic access to your Introzy data.

Authentication Method

API Keys ✅

Format: introzy_{64_hex_characters}
Header: Authorization: Bearer introzy_...
Expiration: 90 days (default), configurable up to 365 days
Management: Settings → API Keys in the Introzy dashboard

How API Keys Work

  1. Generate an API key from your dashboard (Settings → API Keys)
  2. Include the key in the Authorization header of all API requests
  3. Keys are validated using HMAC-SHA256 hashing
  4. Keys can be revoked instantly if compromised

Key Features

  • Long-lived: Valid for 90 days by default (configurable up to 365 days) without manual updates
  • Secure: Stored in the database as an HMAC-SHA256 hash; the key itself is shown only once
  • Revocable: Instantly revoke compromised keys
  • Usage tracking: See when keys were last used
  • Multiple keys: Create separate keys for dev, staging, production
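
How the steps under "How API Keys Work" and the hashed storage listed under "Key Features" fit together, as an added example that is not Introzy's implementation. It assumes a server-held HMAC secret kept outside the database, an in-memory Map standing in for the key table, lowercase hex keys, and its own reason codes; hashKey, issueKey and authenticate are hypothetical names.

```javascript
// Added example: models server-side key checking; not Introzy's code.
const crypto = require('node:crypto');

// Key format from the page; lowercase hex is an assumption.
const KEY_FORMAT = /^introzy_[0-9a-f]{64}$/;

// HMAC-SHA256 of the key under a server-held secret (assumed to be kept outside the database).
function hashKey(apiKey, serverSecret) {
  return crypto.createHmac('sha256', serverSecret).update(apiKey).digest('hex');
}

// Issue a key: the plaintext is returned once, only its hash is stored.
function issueKey(store, serverSecret, name, days = 90, now = Date.now()) {
  if (!Number.isInteger(days) || days < 30 || days > 365) {
    throw new RangeError('expiration must be 30-365 days');
  }
  const apiKey = 'introzy_' + crypto.randomBytes(32).toString('hex');
  const expiresAt = now + days * 86_400_000;
  store.set(hashKey(apiKey, serverSecret), { name, revoked: false, lastUsed: null, expiresAt });
  return apiKey;
}

// Check an Authorization header value. Reason codes are this example's own.
function authenticate(store, serverSecret, header, now = Date.now()) {
  const deny = (reason) => ({ ok: false, status: 401, reason });
  const match = /^Bearer (\S+)$/.exec(header ?? '');
  if (!match || !KEY_FORMAT.test(match[1])) return deny('malformed');
  const record = store.get(hashKey(match[1], serverSecret));
  if (!record) return deny('unknown');
  if (record.revoked) return deny('revoked');
  if (now >= record.expiresAt) return deny('expired');
  record.lastUsed = now; // backs the "last used" view
  return { ok: true, status: 200, name: record.name };
}

// Constructed demo: in-memory Map as the key table, throwaway secret.
const demoStore = new Map();
const demoSecret = crypto.randomBytes(32);
const demoKey = issueKey(demoStore, demoSecret, 'Local Development');
console.log(authenticate(demoStore, demoSecret, `Bearer ${demoKey}`).ok);
console.log(demoStore.has(demoKey)); // the table is indexed by hash, never by the key itself
demoStore.get(hashKey(demoKey, demoSecret)).revoked = true;
console.log(authenticate(demoStore, demoSecret, `Bearer ${demoKey}`).reason);
```

Because the table in this model holds only HMAC outputs, a copy of the database without the server secret does not yield a usable key.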

Getting Started

1. Generate an API Key

  1. Log into your Introzy dashboard
  2. Navigate to Settings → API Keys
  3. Click "Generate New Key"
  4. Give your key a name (e.g., "Production API", "Local Development")
  5. Choose an expiration period (30-365 days)
  6. Copy the key immediately (it won't be shown again!)

2. Use the API Key

Include your API key in the Authorization header:

curl -H "Authorization: Bearer introzy_e3b0c44298fc1c149afbf4..." \
     https://beta-api.introzy.com/api/contacts

3. Manage Your Keys

  • View keys: See all your keys with creation date, last used, and expiration
  • Revoke keys: Instantly revoke any key that's no longer needed
  • Monitor usage: Check when keys were last used to identify unused keys

Security Best Practices

Keep Keys Secure

  • Never commit API keys to version control
  • Never expose keys in client-side code
  • Never share keys publicly
  • Do use environment variables to store keys
  • Do rotate keys periodically
  • Do use separate keys for different environments

Example: Environment Variables

# .env (never commit this file!)
INTROZY_API_KEY=introzy_e3b0c44298fc1c149afbf4...

// Use in your application
const response = await fetch('https://beta-api.introzy.com/api/contacts', {
  headers: {
    Authorization: `Bearer ${process.env.INTROZY_API_KEY}`,
  },
})

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "API key authentication failed",
  "details": {
    "reason": "Invalid API key"
  }
}

Common causes:

  • Invalid or malformed API key
  • API key has been revoked
  • API key has expired

403 Forbidden

{
  "success": false,
  "error": "You do not have permission to access this resource"
}

Common cause: Attempting to access data from a different organization