Ordinavo Connect API v1

Authentication

Ordinavo Connect uses server-to-server API keys assigned to Integration Clients with explicit scopes.

Integration Clients and API keys

An Integration Client represents one external system, such as a logistics ERP, partner portal, CRM or warehouse system. API keys are generated for an Integration Client and inherit its tenant context and scopes.

Security

Never store API keys in client-side applications. Ordinavo Connect API keys are intended for trusted server-to-server communication only.

Bearer authentication

Authorization: Bearer fio_live_xxxxxxxxxxxxxxxxxxxxx

curl -X GET "https://ordinavo.de/api/connect/v1/integration/health" \
  -H "Authorization: Bearer fio_live_xxxxxxxxxxxxxxxxxxxxx"

Best practices

  • API keys must only be used from trusted backend systems.
  • Do not expose API keys in browsers, mobile apps or public repositories.
  • Rotate keys regularly and revoke unused keys.
  • Use scopes with the minimum permissions required.
  • Use IP allowlists where possible.
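
The best practices above say not to expose API keys in public repositories. The following shell function is an added example, not part of the Ordinavo documentation, that can run as a pre-commit or CI check. The key pattern after the fio_live_ prefix is an assumption, and all-x placeholders like the one in this page's examples are ignored.

```shell
# Added example: find Ordinavo Connect API keys committed to a source tree.
# Assumption: a key is the "fio_live_" prefix shown on this page followed by
# at least 16 characters from [A-Za-z0-9_-]; adjust KEY_RE to the real format.
KEY_RE='fio_live_[A-Za-z0-9_-]{16,}'

# scan_connect_keys DIR
# Prints "path:line: fio_live_abcd...[redacted]" for each key-like string.
# Returns 0 when the tree is clean, 1 when at least one finding was printed.
scan_connect_keys() {
  # -I skips binary files, -o prints only the match, -n adds the line number.
  hits=$(grep -rInoE --exclude-dir=.git "$KEY_RE" "${1:-.}" || true)
  found=0
  while IFS= read -r hit; do
    [ -n "$hit" ] || continue
    secret=${hit##*:}              # text after the last colon is the match
    suffix=${secret#fio_live_}
    case "$suffix" in
      *[!x]*) ;;                   # contains a non-"x" character: report it
      *) continue ;;               # all "x": documentation placeholder
    esac
    # Show only the first four characters so the scan log is not a new leak.
    printf '%s: fio_live_%.4s...[redacted]\n' "${hit%:*}" "$suffix"
    found=1
  done <<EOF
$hits
EOF
  return "$found"
}

# Demo on a constructed tree (both values below are made up for this example).
demo=$(mktemp -d)
printf 'CONNECT_API_KEY=fio_live_Zq8Lm2Rt5Vx9Bn4Kc7Wd\n' > "$demo/settings.env"
printf 'Authorization: Bearer fio_live_xxxxxxxxxxxxxxxxxxxxx\n' > "$demo/README.txt"
scan_connect_keys "$demo" || echo "commit blocked: move the key to a secret store and revoke it"
rm -rf "$demo"
```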