Docs Getting Started Authentication

Authentication

All API endpoints (except /health) require authentication via an API key.

Getting API credentials

  1. Sign up at the Award Intelligence Engine platform
  2. Create an organisation — select “Developer” as your organisation type during onboarding
  3. Request API access — from your Account page, click “Request API Access” and describe your use case
  4. Wait for approval — an administrator will review and approve your request
  5. Receive credentials — once approved, an administrator will generate your API credentials and share the secret with you securely

Credential format

You will receive two values:

ValueFormatExample
Key IDak_ followed by 32 hex charactersak_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4
Secretsk_ followed by a long random stringsk_AbCdEf123456...

The secret is shown exactly once at creation time. It cannot be retrieved again. Store it securely.

Using your credentials

Pass both values in the Authorization header as a Bearer token, separated by a colon:

Authorization: Bearer ak_<key_id>:sk_<secret>

Example

curl -X POST https://api.awardsintelligence.com.au/api/v1/calculate-pay \
  -H "Authorization: Bearer ak_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4:sk_AbCdEf123456789..." \
  -H "Content-Type: application/json" \
  -d '{"award_code": "MA000009", "classification_code": "HI1", ...}'

Python

import requests

API_KEY = "ak_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"
API_SECRET = "sk_AbCdEf123456789..."
BASE_URL = "https://api.awardsintelligence.com.au/api/v1"

headers = {
    "Authorization": f"Bearer {API_KEY}:{API_SECRET}",
    "Content-Type": "application/json",
}

response = requests.post(f"{BASE_URL}/calculate-pay", headers=headers, json={
    "award_code": "MA000009",
    "classification_code": "HI1",
    "employment_type": "full_time",
    "work_date": "2026-03-16",
    "start_time": "09:00",
    "end_time": "17:00",
    "unpaid_break_minutes": 30,
})

print(response.json())

JavaScript / Node.js

const API_KEY = "ak_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4";
const API_SECRET = "sk_AbCdEf123456789...";
const BASE_URL = "https://api.awardsintelligence.com.au/api/v1";

const response = await fetch(`${BASE_URL}/calculate-pay`, {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${API_KEY}:${API_SECRET}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    award_code: "MA000009",
    classification_code: "HI1",
    employment_type: "full_time",
    work_date: "2026-03-16",
    start_time: "09:00",
    end_time: "17:00",
    unpaid_break_minutes: 30,
  }),
});

const data = await response.json();
console.log(data);

Error responses

StatusMeaning
401 UnauthorizedMissing, invalid, or expired credentials
403 ForbiddenValid credentials but insufficient access (e.g. organisation suspended)
429 Too Many RequestsRate limit exceeded — see Rate Limiting

401 response example

{
  "detail": "Missing authorization header. Provide: Authorization: Bearer <token>"
}

Security best practices

  • Never expose your API secret in client-side code, public repositories, or browser JavaScript
  • Use environment variables to store credentials in your application
  • Rotate credentials if you suspect compromise — contact your administrator to revoke the old key and issue a new one
  • Use HTTPS only — API credentials are transmitted in the Authorization header and must be encrypted in transit