Bearer Authentication

For security reasons, the Ironclad API employs a bearer authentication scheme. In order to send requests, you’ll need to include a bearer token in your request headers.

Authorization: Bearer <token>


Store Tokens Securely

Each bearer token provides unrestricted access to the endpoints in the Ironclad API. This allows anyone to view and manipulate contract and company data in your Ironclad account.

For this reason, a token’s value is hidden from view in Ironclad after creation. Be sure to save this token with your company’s other sensitive information.

Generating Tokens

You can generate these access tokens in Ironclad by clicking [YOUR_NAME] > Company Settings > API > Access Tokens. Adding a valid token to the “Authorization” header will validate your request.


Permissions (Generating Tokens)

Only company admins have the ability to generate API tokens. See your internal company's admin if you need to be added to the admin group.

Base URL

API calls must target the base URL of the environment you are using. The examples in this guide will use Ironclad's standard production URL ( Please log in to your Ironclad account and check the domain to verify the base URL.

Note: If you have purchased a separate sandbox instance, your base URL may differ from your production instance.

Example Usage

The following is an example using the Fetch API with the List all Records endpoint and using an API key on the HTTP request.

// This example is for demonstration purposes only.

const listRecords = async() => {
  try {
    // Retrieve data from the API.
    const recordsData = await fetch('', {
      headers: {
        'Authorization': `Bearer ${myApiKey}`,
        'Accept': 'application/json'

    // Retrieve the JSON response.
    const jsonData = await recordsData.json();

    // Ensure list property exists or exit.
    if (!jsonData.list) throw new Error('No list property existed!');

    // Log the Record Names to the console.
    jsonData.list.forEach(record => console.log(
  } catch(err) {