Skip to main content

Authentication & Patterns

Who this is for

Developers and platform engineers building Owlie integrations.

Goal

Authenticate API requests using Owlie API keys and follow safe patterns.

Prereqs

Admin access to create API keys

Success criteria

You can make an authenticated GraphQL request to your tenant.

Steps

Go to /admin/settings/api-keys.
Create an API key.
Store the API key in a secrets manager.
Call the API using the header:

Authorization: Owlie [APIKEY]

Default configuration

Use one API key per integration.
Rotate keys on a predictable schedule.

When to change it

If you need different access levels, create separate keys per system.

Impact and risks

Leaked keys provide API access. Store them securely and rotate regularly.

Example

Use the API key to query your tenant:

POST https://<your-tenant>.owlie.app/api/graphql
Authorization: Owlie [APIKEY]

Troubleshooting

401 Unauthorized: API key missing or invalid.
403 Forbidden: API key lacks required permissions.

Assumptions & Questions

What scopes or permissions can be assigned to API keys?

Next steps

/api/common-queries
/api/graphql-schema

Who this is for
Goal
Prereqs
Success criteria
Steps
Default configuration
When to change it
Impact and risks
Example
Troubleshooting
Assumptions & Questions
Next steps