Integration Clients and API keys
An Integration Client represents one external system, such as a logistics ERP, partner portal, CRM or warehouse system. API keys are generated for an Integration Client and inherit its tenant context and scopes.
Security
Never store API keys in client-side applications. Ordinavo Connect API keys are intended for trusted server-to-server communication only.
Bearer authentication
Authorization: Bearer fio_live_xxxxxxxxxxxxxxxxxxxxx
curl -X GET "https://ordinavo.de/api/connect/v1/integration/health" \
-H "Authorization: Bearer fio_live_xxxxxxxxxxxxxxxxxxxxx"
Best practices
- API keys must only be used from trusted backend systems.
- Do not expose API keys in browsers, mobile apps or public repositories.
- Rotate keys regularly and revoke unused keys.
- Use scopes with the minimum permissions required.
- Use IP allowlists where possible.