Getting started
Authentication
Ilmenite authenticates every request with an API key. Keys are issued per-workspace and prefixed with il_ (live) or il_test_ (test mode).
Sending the key
Pass your key in the Authorization header as a Bearer token. We do not accept API keys in query strings.
Authorization: Bearer il_live_9f3a...Creating keys
Create, rotate, and revoke keys from the dashboard under Settings → API Keys. Each workspace can hold up to 50 active keys; revoked keys stop authenticating immediately.
Scoped keys
Keys can be restricted by scope and by origin IP range:
scrape:read— scrape + extract endpoints onlycrawl:write— launch and manage crawl jobsadmin:*— billing and team management
Rotation
Generate a new key, deploy it, then revoke the old one. Rotations are instant; there is no grace period. For zero-downtime rotation, accept both keys in your app for a rollout window and then revoke.
If a key leaks
- Revoke the key from the dashboard.
- Check the Usage tab for anomalous calls in the last 24h.
- Email security@ilmenite.dev if you see unexpected charges — we'll investigate and credit abusive usage.