Scoped API KEY · 2026-06-23

API KEY Integration Docs

Each user can maintain up to three scoped API keys: residential, mobile, and unlimited. A key can only access APIs in its own scope, while key management must use JWT.

https://ipfist.com

Authorization: Bearer

ak_...

01 · API KEY Docs

Core Changes

The old t_sys_user.ApiKey is retired, and user info no longer returns the legacy apiKey field. New API keys live in bs_user_api_key and are authorized by scope.

Three Keys

A user can maintain residential, mobile, and unlimited scoped API keys.

Scope Isolation

An API key can only access resources in its own scope. Cross-scope access returns 403.

JWT for Management

GetApiKeys and GenerateApiKey require JWT. API keys cannot query or create API keys.

Authentication

Authorization: Bearer {JWT_OR_API_KEY}

JWT and API keys both use Authorization: Bearer; use only one credential per request.
API keys must start with ak_.
Except proxy text generation endpoints, business APIs return the unified JSON wrapper.

Migration Notes

The legacy t_sys_user.ApiKey field is no longer compatible.
The user info endpoint no longer returns the old apiKey field.
Frontend display and generation should only use canonical scopes: residential, mobile, and unlimited.