> ## Documentation Index
> Fetch the complete documentation index at: https://developers-test.idunox.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Partner portal (API keys)

> Self-service API key management for partner IT on the andres-test environment.

<Note>
  **Andres-test only.** The partner portal is separate from this docs site and from Idunox staff admin (`admin-test.idunox.com`). You need portal credentials from Idunox before you can sign in.
</Note>

## What it is

The **partner portal** lets your IT team create, rotate, and revoke API keys for **`https://api-test.idunox.com`** without waiting for Idunox staff to hand off secrets.

| Item       | Value                                                           |
| ---------- | --------------------------------------------------------------- |
| Portal URL | `https://partner-test.idunox.com` (opens sign-in at `/partner`) |
| Login      | Email + password (provided by Idunox during onboarding)         |
| Data API   | `https://api-test.idunox.com/v1/` with `X-Api-Key`              |
| Docs       | `https://developers-test.idunox.com`                            |

The portal uses Idunox branding with a light/dark theme toggle. Staff manage the same keys from `admin-test.idunox.com` if needed.

## Getting access

1. Idunox provisions a **portal user** for your organization (secure channel — not email with API keys).
2. Open **`https://partner-test.idunox.com`** — you are redirected to the sign-in page.
3. Create your first API key — **copy the plaintext key immediately**; it is shown once.

Contact `partner@idunox.com` if you do not have portal access.

## Key lifecycle

| Action     | Behaviour                                                                        |
| ---------- | -------------------------------------------------------------------------------- |
| **Create** | New key, default validity **365 days**; plaintext shown once                     |
| **Rotate** | New key issued; old key stays valid for **24, 48, or 72 hours** (overlap window) |
| **Revoke** | Key stops working immediately                                                    |

In the portal you always see **masked prefix + status** (active, expiring, grace, revoked). Full keys are never shown again after create/rotate.

## After you have a key

Validate and integrate using the main API:

```bash theme={null}
curl -H "X-Api-Key: <your-api-key>" \
  https://api-test.idunox.com/v1/partner-auth-probe
```

Then follow the [Integration flow](/quickstart).

## API reference (portal)

Authenticated endpoints use JWT after login (`Authorization: Bearer <token>`).

| Method | Path                                 | Purpose                     |
| ------ | ------------------------------------ | --------------------------- |
| POST   | `/v1/partner/auth/login`             | Email + password → JWT      |
| GET    | `/v1/partner/me`                     | Current user + tenant       |
| GET    | `/v1/partner/config`                 | Public config (no auth)     |
| GET    | `/v1/partner/credentials`            | List keys (masked)          |
| POST   | `/v1/partner/credentials`            | Create key (plaintext once) |
| POST   | `/v1/partner/credentials/:id/rotate` | Rotate with grace period    |
| POST   | `/v1/partner/credentials/:id/revoke` | Revoke immediately          |

Full guide (staff): `docs/andres-test/PARTNER_PORTAL_API.md` in the andres-test repo.

## Security

* Store API keys in a secrets manager — not source control or chat.
* Use rotation before expiry; the portal shows **expires in N days** when applicable.
* Andres-test keys and URLs must **not** be registered in production partner systems.