Skip to main content

Ory Network API Authorization

Ory Network Project APIs are separated into:

  • Ory Network Frontend APIs are used to interact with Ory Network projects, such as register users or checking login state.
  • Ory Network Admin APIs are used to perform privileged operations on Ory Network projects, such as deleting users or creating permissions.

Ory Network Management APIs are used to manage Ory Network projects, such as creating a new project or changing settings.

Authorizing Ory Network Project Frontend APIs

Frontend APIs are used to interact with Ory Network projects from your frontend application and do not require any special authorization.

Authorizing Ory Network Project Admin APIs

API Keys are used to authorize privileged operations to Ory Network Project Admin APIs. For example, you must use an API Key to call the Admin API, which allows you to delete users.

API Keys work only in the context of the Project for which they were created. You create API Keys in the Ory Console.

Creating API Keys

Follow these steps to create API Keys for your Project:

  1. Go to the Ory Console.
  2. Go to Access & APIs.
  3. Click the + icon in the API Keys section.
  4. Enter the API Key name and click Create new API key.
  5. Copy the created API Key from the prompt that shows at the bottom right of the screen.
caution

The API Key you created is displayed only once. When you close the prompt, you can't access the key again. Make sure to save the API Key before you close the prompt or reload the page.

API Keys are bound to an Ory Network project, and not to a specific user. This means that any user with access to the API Key can perform the operations that the API Key allows, even if they are no longer part of the project. Make sure to keep your API Keys secure and rotate them if necessary.

Authorizing Ory Network Workspace Admin APIs

Workspace API keys are used to authorize privileged operations to Ory Network Workspace admin APIs as well as the project admin APIs of all projects that belong to this workspace. For example, you must use a Workspace API key to create a new project in a workspace, or add a new B2B SSO organization to a project within that workspace.

API Keys work in the context of the workspace for which they were created, as well as for all projects of that workspace. You create API Keys in the Ory Console.

Creating API keys

Follow these steps to create API keys for your workspace:

  1. Go to the Ory Console.
  2. Go to Workspace settings through the workspace menu in the top left corner.
  3. Select API keys in the sidebar.
  4. Click the + icon in the API Keys section.
  5. Enter the API Key name and click Create new API key.
  6. Copy the created API Key from the prompt that shows at the bottom right of the screen.
caution

The API Key you created is displayed only once. When you close the prompt, you can't access the key again. Make sure to save the API Key before you close the prompt or reload the page.

API Keys are bound to an Ory Network project, and not to a specific user. This means that any user with access to the API Key can perform the operations that the API Key allows, even if they are no longer part of the project. Make sure to keep your API Keys secure and rotate them if necessary.

Usage

Use the API Key in API calls, SDK calls, or command-line interactions. Ory API Keys have a ory_apikey_ or ory_pat_, which makes it easy to identify them when analyzing code.

For example, when calling the Admin API at /admin/identities, include the API Key in the Authorization header:

GET /admin/identities HTTP/1.1
Host: $PROJECT_SLUG.projects.oryapis.com
Accept: application/json
Authorization: Bearer $API_KEY

Authorizing Ory Network Management APIs

Ory Network Management APIs are used to manage Ory Network projects, such as creating a new project or changing settings. At this time the only way to authorize Management APIs is by using a session cookie issued to you by the Ory Network Console. Please reach out to your support representative if you need help with this process.