Authentication

All API calls to the TIRMS API require API Key-based authentication. The API key must be included in the Authorization header for every request.

Getting Your API Key

API keys can be generated from the TIRMS portal by an administrator from your organization. Keep this key secure; it will be used in the Authorization header for every API request.

Authentication Header

Include your API key in the Authorization header using the Bearer token format:

Example request with API key

curl https://tirms.ncc.gov.ng/api/v1/phone/api/phone-numbers/verify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"phoneNumber": "08012345678"}'

Security Best Practices

Never expose API keys in frontend applications or client-side code
Rotate keys regularly or immediately if compromised
Use HTTPS for all API requests
Monitor logs for any unauthorized access attempts

Error Responses

If authentication fails, you'll receive one of these error responses:

401 Unauthorized: Missing or invalid API key
403 Forbidden: Insufficient permissions for the requested operation

Example authentication error

{
  "error": {
    "code": 401,
    "message": "Invalid API key",
    "details": "The provided API key is not valid or has expired"
  }
}