Authentication methods
The ION GraphQL API supports two authentication methods: API keys for machine-to-machine integrations and OAuth 2.0 for user-facing applications. Every request uses the same endpoint andAuthorization header. Only the way you obtain the token differs.
Endpoint and headers
Every authenticated request targets a single GraphQL endpoint. Include the access token on every request:Authorization: Token <token> for backward compatibility. Prefer Bearer. For multipart file uploads, set Content-Type: multipart/form-data. Follow the flow in File Upload.
Troubleshooting
When ION rejects a request during authentication, the response carries anerrors[].message payload:
401 Unauthorized, 403 Forbidden, rate limits, and 5xx errors), see Error codes.