Saltar al contenido principal

Authentication

The Shield API authenticates every request with two headers:

HeaderValue
X-Tenant-IDYour tenant ID (shown in the portal under Account settings)
X-API-KeyA key you create in Developer → API keys
curl "https://shield.orbis.roundbox.dev/api/v1/urlsearch?value=example.com" \
-H "X-Tenant-ID: 00000000-0000-0000-0000-000000000000" \
-H "X-API-Key: shld_live_xxxxxxxxxxxxxxxxxxxxxxxx"

Creating a key

  1. Sign in to the Orbis Shield portal.
  2. Go to Developer → API keys → Create a key.
  3. Give it a name and select the module scopes it may call (urlsearch, ipsearch, dnssearch, darkweb, antispam).
  4. Copy the key immediately — the full secret (shld_live_…) is shown once and is never retrievable again. Only a short prefix is stored for display.

Scopes

A key only works for the modules it was granted. Calling a module the key isn't scoped for returns 403 Forbidden. Create separate keys per integration (e.g. one for your SMS gateway with antispam, one for your firewall with urlsearch+ipsearch) so you can revoke them independently.

Revoking

Revoke a key any time from Developer → API keys. Revocation is immediate — the next request with that key returns 401. Key creation and revocation are recorded in your Audit log.

Security notes

  • Keep keys server‑side. They are bearer credentials for your whole tenant scope.
  • Rotate by creating a new key, deploying it, then revoking the old one.
  • All traffic must use HTTPS; requests over plain HTTP are rejected.