API Keys
API keys provide server-to-server authentication for the Islamic Open Finance™ API.
Key Types
| Type | Prefix | Usage |
|---|---|---|
| Secret Key | iof_sk_ | Server-side only |
| Publishable Key | iof_pk_ | Client-side (limited access) |
| Test Key | iof_sk_test_ | Sandbox environment |
Creating API Keys
Via Dashboard
- Navigate to Settings → API Keys
- Click Create New Key
- Select permissions and scopes
- Copy and securely store the key
Via API
typescript
const apiKey = await iof.apiKeys.create({
name: "Production Server",
permissions: ["contracts:read", "contracts:write"],
expiresAt: new Date("2025-12-31"),
});
console.log(apiKey.secretKey); // iof_sk_live_...Using API Keys
Include the key in the Authorization header:
bash
curl https://api.islamicopenfinance.com/v1/contracts \
-H "Authorization: Bearer iof_sk_live_abc123..."Or with the SDK:
typescript
import { IslamicOpenFinance } from "@iof/sdk";
const iof = new IslamicOpenFinance({
apiKey: process.env.IOF_API_KEY,
});Key Permissions
| Scope | Description |
|---|---|
contracts:read | Read contract data |
contracts:write | Create/update contracts |
kyc:read | Read KYC data |
kyc:write | Submit KYC verifications |
billing:read | View billing information |
admin:* | Full administrative access |
Security
- Keys are only shown once at creation
- Rotate keys regularly (recommended: every 90 days)
- Use different keys for different environments
- Monitor key usage in the dashboard
Next Steps
- OAuth 2.0 - User-delegated authentication
- API Reference - Start making API calls