Authentication
The Fortress API authenticates requests with API keys. Each API key is mapped to a specific organization (customer) through our authorization system.
Server-to-Server Communication: This API was designed for server-to-server communication. If you make requests directly from the frontend, your x-api-key will be exposed to users, which is a security risk.
API Key Authentication
Headers Required
For all API requests, include your API key in the x-api-key header.
Organization Context
When you make a request with your API key, our authorization system automatically:
- Validates your API key
- Maps the key to your organization ID
- Ensures you only access data within your organization’s scope
Getting an API Key
To obtain an API key for your organization:
- Contact our team to set up your organization account
- We will provide you with an API key specific to your organization
- Store this API key securely - it will be used to identify your organization for all API requests
Security Best Practices
- Keep your API key secure and never expose it in client-side code
- Don’t share your API key with other organizations
- Implement proper error handling for authentication failures
- Use HTTPS for all API requests
- If you suspect your API key has been compromised, contact us immediately for a replacement
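A server-side client that follows the practices above, as an added example (not code from the Fortress documentation). The environment variable name, the example URL used in testing, and the treatment of HTTP 401/403 as authentication failures are assumptions; only the x-api-key header name comes from this page.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the Fortress docs): the environment variable name
# and 401/403 as the statuses returned for a rejected key.
API_KEY_ENV = "FORTRESS_API_KEY"


class FortressAuthError(Exception):
    """Raised when the key is missing or the API rejects it."""


def load_api_key(environ=os.environ):
    # The key lives in server-side configuration, never in source code
    # or in anything shipped to a browser.
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise FortressAuthError(f"{API_KEY_ENV} is not set")
    return key


def build_request(url, api_key):
    # Refuse to send the key over anything but HTTPS.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send x-api-key over a non-HTTPS URL")
    # Header names are case-insensitive on the wire; urllib stores this
    # one internally as "X-api-key".
    return urllib.request.Request(url, headers={"x-api-key": api_key})


def call_api(url, environ=os.environ, opener=urllib.request.urlopen):
    api_key = load_api_key(environ)
    request = build_request(url, api_key)
    try:
        with opener(request, timeout=10) as response:
            return response.read()
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            # Do not retry blindly: the key is invalid, revoked, or
            # outside the organization's scope. Surface it to operators.
            raise FortressAuthError(f"API key rejected (HTTP {err.code})") from err
        raise
```

Your frontend calls your own backend, and only the backend calls `call_api`, so the key never reaches the browser.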

