Skip to main content
Lab (api-test.idunox.com): send X-Api-Key: <your-api-key> on every /v1/* request. Bearer is also accepted when calling Cloud Run URLs directly.

Credentials

During onboarding, Idunox issues each partner two credentials:
CredentialDescription
API KeySecret key included in the Authorization header on every authenticated request
Partner IDUUID identifying your account; included in submission request bodies as partnerId
Contact partner@idunox.com if you have not received your credentials.

Authorization header

Include your API key as a Bearer token on every authenticated request: 
Authorization: Bearer <your-api-key>

Validate your credentials

Before integrating, confirm your credentials are active: 
GET /v1/partner-auth-probe
Authorization: Bearer <your-api-key>
A successful response returns 204 No Content with no response body. This endpoint only validates that the API key is active and resolves to an enabled account.

Partner ID in submissions

Include your partnerId in the body of every POST /v1/submissions request: 
{
  "partnerId": "<your-partner-id>",
  "schemaVersion": "canonical_submission_v1",
  ...
}
If the partnerId in the body does not match the credentials used in the Authorization header, the request returns 403.

Account isolation

Every resource — submissions, results, artifacts — is scoped to your account. Requests for IDs that belong to another account return 404, not 403, to avoid information disclosure.