Dashboard API authentication
The Dashboard API (api.amlexia.com) is separate from Ingest (ingest.amlexia.com).
| API | Auth | Used by |
|---|---|---|
| Ingest | sdk_key in JSON body | Your app servers |
| Dashboard | Clerk session JWT | Browser, custom admin tools |
Clerk JWT
The web app sends:
http
Authorization: Bearer <clerk_session_token>Obtain tokens via Clerk in your own app only if you build a custom dashboard — normal users use app.amlexia.com.
Organization context
Most routes require an active organization in Clerk. The API resolves:
- User id from JWT
- Org membership and role (
owner,admin,member) - Project access within org
RBAC
| Role | Typical access |
|---|---|
| owner | Full org + billing + member management |
| admin | Projects, alerts, settings |
| member | Read dashboards, saved views |
See Team & RBAC.
SDK key is NOT a dashboard token
Possessing am_... only allows ingest. It does not let someone log into the dashboard or call /api/*.
Health (no auth)
http
GET https://api.amlexia.com/health