To use the Risk Ledger API, all requests must be authenticated using a valid API key.
Generate an API Key
You can create and manage your API keys from within the Risk Ledger platform.
- Navigate to Settings → API Keys
- You must be an organisation admin to create or manage API keys.
- Choose a name for the key (note: this cannot be changed later).
- Once generated, copy and store the key somewhere secure - it will not be shown again.
Using Your API Key
Include your API key in the Authorization header of every request using the Bearer token scheme.
Example
Authorization: Bearer YOUR_API_KEY
Here’s how it looks in a typical curl request:
curl -X GET https://api.riskledger.com/alpha/suppliers \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Authentication Errors
If the API key is missing, invalid, or doesn’t have permission, you’ll get a 401 or 403 error with a response like:
{
"type": "auth",
"code": "authentication_error",
"message": "No API key has been provided"
}
| Code | Description |
|---|---|
authentication_error | Missing, invalid, or revoked API key |
forbidden | The key is valid but does not have access rights |
Security Notes
- Keep your API keys secret - treat them like passwords.
- Rotate keys periodically and immediately revoke any that are compromised.
- Never expose API keys in client-side code or public repos.
What's Next
Ready to start making requests? Jump to the API Reference or learn how to filter and paginate results.