Documentation Index
Fetch the complete documentation index at: https://docs.igrisecurity.com/llms.txt
Use this file to discover all available pages before exploring further.
Authentication
Igris supports two authentication methods depending on the context.Session Cookies (Dashboard)
When you log in through the dashboard, Better Auth sets anigris.session_token cookie. This cookie is automatically sent with all dashboard requests.
For API calls from a browser context, include credentials:
API Keys (Programmatic Access)
For MCP proxy connections and CI/CD integrations, use API keys.Creating an API Key
- Go to Settings → API Keys in the dashboard
- Click Create Key
- Give it a label (e.g., “Proxy - Production”, “CI Pipeline”)
- Copy the key — it’s only shown once
ig_ followed by a random string:
Using an API Key
Pass the key in theAuthorization header:
Key Scoping
API keys inherit the permissions of the user who created them and are scoped to their active organization. A key created by an admin has admin-level access to that organization’s resources.Revoking Keys
Revoke a key in Settings → API Keys by clicking Revoke. Revoked keys immediately stop working — any proxy connections using that key will receive401 Unauthorized.
Organization Context
All API requests are scoped to an organization. The organization is determined by:- Session cookies — the user’s active organization in their session
- API keys — the organization the key was created in
Error Responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing, invalid, or revoked credentials |
403 Forbidden | Valid credentials but insufficient role permissions |
403 Plan Required | Feature requires a higher plan tier |
RBAC Roles
Permissions are enforced based on the user’s role in the organization:| Role | Governance | Billing | Members |
|---|---|---|---|
| Owner | Full | Full | Full |
| Admin | Full | View | Manage |
| Developer | Own servers | — | — |
| CISO | View | View | — |
| Auditor | Read-only | — | — |