Authenticate a Request

The following details how a client application would authenticate a request to the Ironclad resource API.

Bearer Authentication

To protect customer resources, the Ironclad API employs a bearer authentication scheme. In order to send requests, regardless of how you obtained the access token (e.g. whether through the authorization code grant, the client credentials grant, etc.), you’ll need to include the access token in the Authorization header of resource requests. The format of the Authorization header should be as follows:

Authorization: Bearer ACCESS_TOKEN_HERE


Client Credentials User Requirement

In addition to the Authorization header, requests made with access tokens resulting from the client credentials grant must be made with either the x-as-user-id or x-as-user-email header with a valid user ID or user email. The request scope and context will be in respect to the included user.

Example Usage

The following is an example using the Fetch API with the List all Records endpoint and using an API access token on the HTTP request.

// This example is for demonstration purposes only.
const onBehalfOfUserEmail = '{YOUR_USER_EMAIL}'

const listRecords = async() => {
  try {
    // Retrieve data from the API.
    const recordsData = await fetch('', {
      headers: {
        'Authorization': `Bearer ${myApiAccessToken}`,
        'Accept': 'application/json',
        'x-as-user-email': onBehalfOfUserEmail, // Assuming the token is from the OAuth 2.0 Client Credential grant

    // Retrieve the JSON response.
    const jsonData = await recordsData.json();

    // Ensure list property exists or exit.
    if (!jsonData.list) throw new Error('No list property existed!');

    // Log the Record Names to the console.
    jsonData.list.forEach(record => console.log(
  } catch(err) {