Authentication

The Rorix API uses API keys for authentication. All authenticated requests must include your key in the Authorization header.

Creating API Keys

  1. Sign in to the Rorix dashboard
  2. Navigate to Settings then API Keys
  3. Click Create API Key
  4. Enter a descriptive name (e.g., "CI Pipeline" or "Local Development")
  5. Optionally set an expiration date
  6. Click Create
  7. Copy the key immediately — it starts with rxk_ and will only be shown once

Using API Keys

Include your API key in the Authorization header as a Bearer token:

curl https://rorix.io/api/projects \
  -H "Authorization: Bearer rxk_your_api_key_here"

Key Security

  • Keys are hashed in the database. Rorix stores a one-way hash of your API key. If the database is compromised, your raw key cannot be recovered.
  • Revoke compromised keys immediately. If you suspect a key has been exposed, revoke it from the dashboard and create a new one.
  • Set expiration dates. For CI/CD keys, consider setting an expiration and rotating keys periodically.
  • Use environment variables. Never hard-code API keys in source code. Use secrets management in your CI/CD platform.
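The last bullet in practice, as an added example that is not Rorix's own code: shell helpers that read the key from the environment, hand it to curl on stdin, and gate a commit or CI job on finding no hard-coded key in the tree. The variable name RORIX_API_KEY, the function names, and the key shape used by the scan (rxk_ followed by 16 or more letters or digits) are assumptions; the page documents only the rxk_ prefix.

```shell
#!/bin/sh
# Added example, not Rorix code. RORIX_API_KEY and the function names are assumed.

# Succeed only if the key is in the environment and carries the rxk_ prefix.
rorix_require_key() {
  case "${RORIX_API_KEY:-}" in
    rxk_?*) return 0 ;;
    "") echo "RORIX_API_KEY is not set" >&2; return 1 ;;
    *) echo "RORIX_API_KEY does not start with rxk_" >&2; return 1 ;;
  esac
}

# Print a curl config line carrying the Authorization header. Feeding it to
# curl on stdin keeps the key out of the process argument list.
rorix_curl_config() {
  rorix_require_key || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$RORIX_API_KEY"
}

# GET an API path, e.g.: rorix_get /api/projects
rorix_get() {
  cfg=$(rorix_curl_config) || return 1   # never send an unauthenticated request
  printf '%s\n' "$cfg" | curl --fail --silent --show-error --config - "https://rorix.io$1"
}

# Print files under a directory that appear to contain a hard-coded key.
# Assumed key shape: rxk_ plus 16 or more letters/digits (the page documents
# only the prefix). The placeholder rxk_your_api_key_here does not match.
rorix_scan_hardcoded() {
  grep -rIlE 'rxk_[A-Za-z0-9]{16,}' "${1:-.}" 2>/dev/null
}

# Pre-commit / CI gate: fail when any file in the tree embeds a key.
rorix_check_tree() {
  hits=$(rorix_scan_hardcoded "${1:-.}") || true
  [ -n "$hits" ] || return 0
  printf 'possible hard-coded Rorix API key in:\n%s\n' "$hits" >&2
  return 1
}
```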

Revoking Keys

Via Dashboard

Go to Settings then API Keys, find the key, and click Revoke.

Via API

curl -X DELETE https://rorix.io/api/api-keys/{keyId} \
  -H "Authorization: Bearer rxk_your_api_key_here"

Revoked keys are immediately invalidated. Any requests using a revoked key will receive a 401 Unauthorized response.