Authentication

ProcureIQ supports three authentication modes, depending on who is calling the platform.

API keys

Use API keys for server-to-server integrations.

curl https://api.procureiq.com/api/v1/orders \
-H "x-api-key: piq_live_xxx"

OAuth 2.0

Use OAuth 2.0 Authorization Code with PKCE for partner apps acting on behalf of ProcureIQ users.

Authorization URL: https://app.procureiq.com/oauth/authorize
Token URL: https://api.procureiq.com/oauth/token

JWT bearer tokens

Use JWT bearer tokens for first-party web and mobile experiences.

curl https://api.procureiq.com/api/v1/me \
-H "Authorization: Bearer eyJ..."

Scope model

Scopes are enforced on API keys and OAuth tokens. Typical scopes include:

  • products:read
  • orders:read
  • orders:write
  • payments:read
  • payments:write
  • support:read
  • support:write
  • webhooks:manage

Security tips

  • Store API keys in a secret manager.
  • Rotate credentials on a schedule.
  • Validate webhook signatures for every incoming delivery.