API Authentication¶

All requests require a valid API key in the Authorization header. Invalid or missing keys return 401 Unauthorized or 403 Forbidden.

Required Request Headers¶

Send the API key in the Authorization header:

Header	Value	Notes
`Authorization`	`Api-Key YOUR_API_KEY_HERE`	Required. Use prefix `Api-Key` followed by a space and the key.
`Content-Type`	`application/json`	Required for endpoints that accept a JSON body.

Warning

Do not URL-encode or base64-encode the API key.

Example Header¶

Authorization: Api-Key 0123456789abcdef0123456789abcdef

Full cURL Example¶

curl -X POST "https://api.alphaaugmented.com/api/v1/orders/submit-order/"
  -H "Authorization: Api-Key 0123456789abcdef0123456789abcdef"
  -H "Content-Type: application/json"
  -d '{
    "supplier_name": "Supplier",
    "consignee_name": "Consignee",
    "transportation_mode": "Air",
    "customer_ref": "AIR-001",
    "order_items": [
      { "item": "PRD-001", "quantity": 2 }
    ]
  }'

Authentication Error Responses¶

Status	Reason	Cause
`401 Unauthorized`	Invalid or missing API key	Header missing, malformed, or unknown key.
`403 Forbidden`	Access denied	Valid key but no permission for the resource.

401 Example

                                            { "detail": "Invalid API key" }

                                        

403 Example

                                            { "detail": "You do not have permission to access this resource." }

                                        

API Key Details¶

Created in the ALPHA Portal — Users with permissions can generate and manage keys
Scoped to your company — Each key is tied to a specific integration
Confidential — Treat like passwords; never expose in code or logs
Rotatable — Revoke and create new keys at any time

Use the key exactly as provided; do not encode or transform it.

Best Practices¶

Keep keys secret — Never expose in client-side code, repos, or screenshots.
Rotate periodically — Work with your administrator on a rotation schedule.

Troubleshooting Authentication Errors¶

401 Unauthorized

Verify the Authorization header is present
Confirm the prefix is exactly Api-Key (case sensitive)
Ensure one space between Api-Key and the key
Check the key is active and copied correctly (no extra whitespace)

403 Forbidden

Confirm the API key has access to the requested supplier, consignee, and lanes
Check with your administrator if permissions have changed