Authentication
The Oblic API uses Bearer token authentication combined with IP whitelisting to ensure secure access to your data. You'll need to create an authentication key (authkey) and configure IP whitelisting to access any of the API endpoints.
Bearer Token Authentication
All API requests must include a valid Bearer token in the Authorization header. The token authenticates your application and determines the access level based on the assigned role.
Creating an Authkey
To create an authentication key:
- Navigate to your organization settings in the Oblic dashboard
- Click on the API Integration tab
- Click the Create Authkey button
- In the dialog that appears:
  - Enter a descriptive Authkey Name (e.g., "Production Server", "Development App")
  - Select the appropriate Role (Admin or User)
  - Click Create
Your authkey will be generated and displayed only once. Make sure to copy and store it securely.
The authkey is shown only once during creation. Store it securely and never commit it to version control. If you lose the key, you'll need to delete it and create a new one.
Managing Authkeys
The API Integration Settings page displays:
- Name: The descriptive name you assigned
- Authkey: The authentication token (partially masked for security)
- Role: The permission level (Owner, User, etc.)
- Created At: When the key was created
- Actions: Delete option to revoke access
You can create multiple authkeys for different applications or environments (up to your plan's limit).
IP Whitelisting
In addition to Bearer token authentication, Oblic requires IP address whitelisting for enhanced security. Only requests from whitelisted IP addresses will be accepted, even with a valid authkey.
Adding Whitelisted IPs
To configure IP whitelisting:
- Go to API Integration settings
- Under Organization's Whitelisted IPs, enter the IP address in the input field
- Click the + button to add it to the whitelist
Changes to IP whitelisting may take up to 5 minutes to take effect. Plan accordingly when updating your whitelist.
IP Whitelist Management
- Limit: You can whitelist up to 100 IP addresses per organization
- Current Usage: The settings page shows how many addresses you've whitelisted (e.g., "Using 1 of 100 allowed IP addresses")
- Removal: Click the × icon next to an IP address to remove it from the whitelist
Making Authenticated Requests
Once you have created an authkey and whitelisted your IP address, include the Bearer token in the Authorization header of all API requests:
Example request with Bearer token
curl https://api.oblic.app/external/contact-list/v1/a459be9e-******-0af3f8fe5ae7/add \
  -H "Authorization: Bearer o9KP********************CJoX"
Replace the token with your actual authkey. The request must originate from a whitelisted IP address.
Security Best Practices
Never commit authkeys to version control. Use environment variables or secure secret management systems.
If you suspect a key has been compromised, delete it immediately and create a new one.
Whitelist only the specific IP addresses that need API access. Avoid using broad IP ranges.
Use the principle of least privilege. Assign the minimum role required for each authkey's intended purpose.
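One way to apply the environment-variable advice above when making authenticated requests from a shell (an added example, not part of Oblic's documentation or tooling). The variable name OBLIC_AUTHKEY and both function names are assumptions; the key is passed to curl on stdin rather than with -H on the command line, so it does not appear in process listings or shell history.

```shell
#!/bin/sh
# Added example, not Oblic's own tooling. OBLIC_AUTHKEY is an assumed
# environment variable name; populate it from your secret manager.

# Emit a curl config (for `curl --config -`) carrying the Authorization header.
# Returns 1 if the authkey is unset, 2 if it contains characters outside the
# RFC 6750 bearer-token alphabet (blocks quote/newline injection into the config).
oblic_curl_config() {
    key=${OBLIC_AUTHKEY:-}
    if [ -z "$key" ]; then
        echo "OBLIC_AUTHKEY is not set" >&2
        return 1
    fi
    case $key in
        *[!A-Za-z0-9._~+/=-]*)
            echo "OBLIC_AUTHKEY contains unexpected characters" >&2
            return 2
            ;;
    esac
    # printf is a shell builtin, so the key is not exposed in any process argv.
    printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# Call an endpoint. Usage: oblic_request URL [extra curl options...]
# Returns 3 without contacting anything if URL is not on the Oblic API host,
# so the key is never sent to another origin or over plain HTTP.
oblic_request() {
    url=$1
    case $url in
        https://api.oblic.app/*) ;;
        *) echo "refusing to send authkey to $url" >&2; return 3 ;;
    esac
    shift
    cfg=$(oblic_curl_config) || return $?
    printf '%s\n' "$cfg" |
        curl --fail --silent --show-error --config - "$@" "$url"
}
```

Source this file and call oblic_request with the endpoint URL from your dashboard; the request must still originate from a whitelisted IP address.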