Authentication
Inspire uses different authentication methods depending on the context.
Web Application
The Inspire web application uses session-based authentication:
- User logs in with email and password
- A secure session cookie is set
- All subsequent requests include the cookie automatically
- Sessions expire after 24 hours of inactivity
API Authentication
Ingest Keys
Data ingestion APIs use ingest keys:
```
Authorization: Bearer ik_live_abc123def456...
```
- Prefixed with `ik_` for identification
- Scoped to a specific connector/stream
- Created and managed in Data Sources
- Can be rotated without reconfiguring the connector
API Keys (v1 Legacy)
The v1 compatibility API uses legacy API keys:
```
X-API-Key: your-api-key
```
- Managed in Settings > API Keys
- Existing legacy keys continue to work
- Scoped to the tenant level
Key Management Best Practices
| Practice | Why |
|---|---|
| Use separate keys per integration | Isolates access — revoking one key does not break others |
| Rotate keys periodically | Limits exposure if a key is compromised |
| Never commit keys to version control | Use environment variables instead |
| Use the minimum scope needed | Ingest keys are scoped to a single stream |
| Monitor key usage | Check connector logs for unexpected activity |
If you suspect a key has been compromised, rotate it immediately in the Inspire settings. The old key is invalidated instantly.
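The `ik_` prefix makes hardcoded ingest keys easy to catch before they reach version control. The following is an added example, not Inspire's own code: it flags key-shaped tokens in a file and builds the `Authorization` header from an environment variable instead. The exact key pattern and the variable name `INSPIRE_INGEST_KEY` are assumptions.

```python
import os
import re

# Assumed key shape: the page shows only the "ik_" prefix and an "ik_live_..."
# sample; the environment segment and the minimum length are assumptions.
INGEST_KEY_RE = re.compile(r"\bik_[a-z]+_[A-Za-z0-9]{8,}\b")


def redact(key):
    """Keep the identifying prefix (e.g. "ik_live_") and hide the secret part."""
    prefix = key[: key.index("_", 3) + 1]
    return prefix + "****"


def find_ingest_keys(text):
    """Return (line_number, redacted_key) for every key-shaped token in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in INGEST_KEY_RE.finditer(line):
            hits.append((lineno, redact(match.group())))
    return hits


def auth_headers(env=os.environ, var="INSPIRE_INGEST_KEY"):
    """Build the Authorization header from the environment, never from source.

    The variable name is hypothetical; use whatever your deployment defines.
    """
    key = env.get(var, "").strip()
    if not key.startswith("ik_"):
        raise RuntimeError(f"{var} is unset or is not an ingest key")
    return {"Authorization": f"Bearer {key}"}


# Constructed sample: a config file with one hardcoded key and one safe reference.
SAMPLE = """\
[connector]
stream = orders
ingest_key = ik_live_abc123def456
ingest_key_env = INSPIRE_INGEST_KEY
"""

if __name__ == "__main__":
    for lineno, key in find_ingest_keys(SAMPLE):
        print(f"line {lineno}: hardcoded ingest key {key}")
```

Run `find_ingest_keys` over staged files in a pre-commit hook and fail the commit on any hit; the redacted form keeps the secret out of hook output and CI logs.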
SSO / SAML
SSO and SAML support is planned for a future release. It is not available in the current version.