Authentication

The iNwealth API uses API keys for authentication. Each organization receives a unique key at onboarding.

API Key format

sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Prefix: sk_live_
32 hex characters (128 bits of entropy)
Shown once at generation — store it securely
Hashed with SHA-256 server-side (never stored in plaintext)

Usage

Include your API key in the Authorization header of every request:

Authorization: Bearer sk_live_your_key_here

Security best practices

Never expose your API key in client-side code (browser, mobile app). Always call the iNwealth API from your backend.

Store your key in environment variables or a secrets manager
Rotate keys periodically by requesting a new one
If a key is compromised, contact us immediately — we can revoke it instantly

Error responses

Status	Meaning
`401`	Invalid or revoked API key
`429`	Daily token quota exceeded

POST /api/agentSend a message to the AI tax advisor

⌘I

Authentication
API Key format
Usage
Security best practices
Error responses