Quickstart
Provisioning a project
Mint an Authio tenant + project + first sk_live_ key.
During alpha, every Authio tenant is bootstrapped via a one-shot token. Once the dashboard ships self-serve signup, this flow is replaced by a real sign-up wizard.
1. Set the bootstrap token
Set AUTHIO_BOOTSTRAP_TOKEN on your authio_management-api service to a freshly-generated random string (32+ characters). Anyone who knows this token can mint new tenants — treat it like a master key. Rotate it immediately after the first successful bootstrap.
2. Mint the tenant
curl -X POST https://api.authio.com/v1/bootstrap \
-H "content-type: application/json" \
-H "x-authio-bootstrap-token: $AUTHIO_BOOTSTRAP_TOKEN" \
-d '{
"tenant_name": "Acme Inc",
"project_name": "production",
"environment": "production"
}'The response includes the plaintext sk_live_ key — shown once:
{
"tenant": { "id": "ten_...", "name": "Acme Inc" },
"project": { "id": "proj_...", "name": "production", "environment": "production" },
"api_key": {
"id": "key_...",
"secret": "sk_live_...",
"warning": "This is the only time the secret will be shown."
}
}3. Use the secret key
curl https://api.authio.com/v1/projects/me \
-H "Authorization: Bearer sk_live_..."4. Mint additional keys (recommended)
Cut narrowly-scoped keys per environment or service rather than re-using the bootstrap key. Keys are stored as SHA-256 hashes; the plaintext is shown once.
curl -X POST https://api.authio.com/v1/api-keys \
-H "Authorization: Bearer sk_live_..." \
-H "content-type: application/json" \
-d '{
"prefix": "sk_test_",
"name": "ci",
"scopes": []
}'