> ## Documentation Index
> Fetch the complete documentation index at: https://api.idunox.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How partners authenticate with the Idunox Platform API.

## Credentials

During onboarding, Idunox issues each partner two credentials:

| Credential     | Description                                                                         |
| -------------- | ----------------------------------------------------------------------------------- |
| **API Key**    | Secret key included in the `Authorization` header on every authenticated request    |
| **Partner ID** | UUID identifying your account; included in submission request bodies as `partnerId` |

Contact `partner@idunox.com` if you have not received your credentials.

## Authorization header

Include your API key as a Bearer token on every authenticated request:

```http theme={null}
Authorization: Bearer <your-api-key>
```

## Validate your credentials

Before integrating, confirm your credentials are active:

```http theme={null}
GET /v1/partner-auth-probe
Authorization: Bearer <your-api-key>
```

A successful response returns `204 No Content` with no response body. This endpoint only validates that the API key is active and resolves to an enabled account.

## Partner ID in submissions

Include your `partnerId` in the body of every `POST /v1/submissions` request:

```json theme={null}
{
  "partnerId": "<your-partner-id>",
  "schemaVersion": "canonical_submission_v1",
  ...
}
```

If the `partnerId` in the body does not match the credentials used in the `Authorization` header, the request returns `403`.

## Account isolation

Every resource — submissions, results, artifacts — is scoped to your account. Requests for IDs that belong to another account return `404`, not `403`, to avoid information disclosure.