Skip to main content

Documentation

Authentication

API keys, gateway introspection, and the Identity /me endpoint.

Authenticate with X-API-Key or Authorization: Bearer <key>. Kong validates keys on every /v1/* request and injects tenant context headers for downstream services.

API key header

HTTP
X-API-Key: sk_test_syntra_dev_key

Bearer token (equivalent)

HTTP
Authorization: Bearer sk_test_syntra_dev_key

Gateway context headers

After Kong introspection, upstream services receive:

  • X-Syntra-Tenant-Id, X-Syntra-User-Id, X-Syntra-Api-Key-Id
  • X-Syntra-Roles, X-Syntra-Permissions, X-Syntra-Features
  • X-Syntra-Key-Scopes, X-Syntra-Teams

Identity profile

GET /v1/identity/meJSON
{
  "id": "usr_demo",
  "email": "dev@syntra.io",
  "tenantId": "ten_demo",
  "roles": ["owner"],
  "permissions": ["engage:campaigns:read", "..."],
  "features": ["whatsapp", "flows", "billing", "..."]
}