Authentication
Igris supports two authentication methods depending on the context.Session Cookies (Dashboard)
When you log in through the dashboard, Better Auth sets anigris.session_token cookie. This cookie is automatically sent with all dashboard requests.
For API calls from a browser context, include credentials:
API Keys (Programmatic Access)
For MCP proxy connections, log ingestion, and CI/CD integrations, use API keys.Creating an API Key
- Go to Settings → API Keys in the dashboard
- Click Create Key
- Give it a label (e.g., “Proxy - Production”, “Portkey Ingestion”)
- Copy the key — it’s only shown once
ig_ followed by a random string:
Using an API Key
Pass the key in theAuthorization header:
Key Scoping
API keys inherit the permissions of the user who created them and are scoped to their active organization. A key created by an admin has admin-level access to that organization’s resources.Revoking Keys
Revoke a key in Settings → API Keys by clicking Revoke. Revoked keys immediately stop working — any proxy connections or ingestion webhooks using that key will receive401 Unauthorized.
Organization Context
All API requests are scoped to an organization. The organization is determined by:- Session cookies — the user’s active organization in their session
- API keys — the organization the key was created in
Error Responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing, invalid, or revoked credentials |
403 Forbidden | Valid credentials but insufficient role permissions |
403 Plan Required | Feature requires a higher plan tier |
RBAC Roles
Permissions are enforced based on the user’s role in the organization:| Role | Governance | Compliance | Billing | Members |
|---|---|---|---|---|
| Owner | Full | Full | Full | Full |
| Admin | Full | Full | View | Manage |
| Developer | Own servers | View | — | — |
| CISO | View | Full | View | — |
| Auditor | Read-only | Read-only | — | — |