Partner API Fundamentals
Authentication
Learn to how to access the Partner API
To use the Ownright Partner API, you must authenticate each request with a set of headers that
identify your application and prove that the request is authorized. The authentication process
is simple and stateless — just supply three headers with each request.
Overview
Every API request must include the following headers:X-Ownright-Client-Id- Identifies your registered API clientX-Ownright-API-Key- Authenticates your requestX-Ownright-Organization-Id- Specifies the Ownright platform organization
All three headers are required for every request to the Partner API.
Steps to obtain and use an API key
1
Register an API client
Contact the Ownright team ([email protected]) to register your application. Once registered, you’ll
receive a unique client ID. You must include this in the
X-Ownright-Client-Id header
in every request.Self-service client registration will be available in the Partner Dashboard soon.
2
Request an API key
Our team will issue one or more long-lived API keys tied to your API client record.
These act like permanent access tokens. You must include the API key in the
X-Ownright-API-Key
header with every request.Treat your API keys like secrets — keep them out of client-side code and version control.
3
Add the organization ID
All requests must include a shared
X-Ownright-Organization-Id header. This value is
constant across all partners and identifies the core Ownright platform internally.We’ll provide the correct value during onboarding. There is no need to manage or
change this identifier.Sample request
Security and key management
- API keys are tied to your business account and logged internally
- Store them securely — rotate if compromised
- Contact [email protected] to revoke or generate new keys
- Webhook signature verification is covered separately in the Webhooks section