Authentication
ProcureIQ supports three authentication modes, depending on who is calling the platform.
API keys
Use API keys for server-to-server integrations.
curl https://api.procureiq.com/api/v1/orders \
-H "x-api-key: piq_live_xxx"
OAuth 2.0
Use OAuth 2.0 Authorization Code with PKCE for partner apps acting on behalf of ProcureIQ users.
Authorization URL: https://app.procureiq.com/oauth/authorize
Token URL: https://api.procureiq.com/oauth/token
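The PKCE part of this flow, as an added example (not ProcureIQ's own code): it generates the verifier and S256 challenge per RFC 7636, builds the authorization request for the URL above, checks `state` on the callback, and prepares the token request body. The parameter names are the standard OAuth 2.0 ones and are assumed to be what ProcureIQ accepts; client IDs and redirect URIs passed in are the caller's own values.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://app.procureiq.com/oauth/authorize"  # from this page


def _b64url(data):
    # RFC 7636 requires base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_for(verifier):
    """S256 challenge: base64url(SHA-256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair():
    """Return (code_verifier, code_challenge); keep the verifier server-side."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, allowed range 43..128
    return verifier, challenge_for(verifier)


def build_authorize_url(client_id, redirect_uri, scopes, challenge, state):
    # Standard OAuth 2.0 / PKCE parameter names (assumed accepted by ProcureIQ).
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def check_callback(callback_url, expected_state):
    """Return the authorization code; reject a missing or mismatched state."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


def token_request_body(code, redirect_uri, client_id, verifier):
    # Form body to POST to the token URL; the verifier proves we started the flow.
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "client_id": client_id,
            "code_verifier": verifier}
```

Generate a fresh verifier and `state` for every authorization attempt and bind both to the user's session until the callback arrives.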
JWT bearer tokens
Use JWT bearer tokens for first-party web and mobile experiences.
curl https://api.procureiq.com/api/v1/me \
-H "Authorization: Bearer eyJ..."
Scope model
Scopes are enforced on API keys and OAuth tokens. Typical scopes include:
- products:read
- orders:read
- orders:write
- payments:read
- payments:write
- support:read
- support:write
- webhooks:manage
Security tips
- Store API keys in a secret manager.
- Rotate credentials on a schedule.
- Validate webhook signatures for every incoming delivery.