Authentication
Learn to how to access the Partner API
To use the Ownright Partner API, you must authenticate each request with a set of headers that identify your application and prove that the request is authorized. The authentication process is simple and stateless — just supply three headers with each request.
Overview
Every API request must include the following headers:
X-Ownright-Client-Id- Identifies your registered API clientX-Ownright-API-Key- Authenticates your requestX-Ownright-Organization-Id- Specifies the Ownright platform organization
All three headers are required for every request to the Partner API.
Steps to obtain and use an API key
Register an API client
Contact the Ownright team ([email protected]) to register your application. Once registered, you’ll
receive a unique client ID. You must include this in the X-Ownright-Client-Id header
in every request.
Request an API key
Our team will issue one or more long-lived API keys tied to your API client record.
These act like permanent access tokens. You must include the API key in the X-Ownright-API-Key
header with every request.
Add the organization ID
All requests must include a shared X-Ownright-Organization-Id header. This value is
constant across all partners and identifies the core Ownright platform internally.
We’ll provide the correct value during onboarding. There is no need to manage or change this identifier.
Sample request
Security and key management
- API keys are tied to your business account and logged internally
- Store them securely — rotate if compromised
- Contact [email protected] to revoke or generate new keys
Webhook signature verification is covered separately in the Webhooks section