Authentication¶
Learn how to authenticate with our AI-powered API using API keys and other authentication methods.
API Keys¶
API keys are the primary method of authentication for our API. Each API key is unique and should be kept secure.
Getting Your API Key¶
- Sign up at our platform
- Navigate to the API Keys section
- Create a new API key
- Copy and securely store your key
Security Warning
Never expose your API key in client-side code, public repositories, or logs. Always use environment variables or secure configuration management.
Using API Keys¶
Include your API key in the Authorization header of all requests:
Example Requests¶
Environment Variables¶
Store your API key securely using environment variables:
Unix/Linux/macOS¶
Windows (Command Prompt)¶
Windows (PowerShell)¶
Using Environment Variables in Code¶
API Key Management¶
Creating Multiple Keys¶
You can create multiple API keys for different purposes:
- Development: For testing and development
- Production: For live applications
- Read-only: For monitoring and analytics
- Admin: For administrative tasks
Key Permissions¶
Each API key can have different permissions:
| Permission | Description |
|---|---|
read |
Can read data and generate content |
write |
Can create and update resources |
admin |
Full administrative access |
webhook |
Can manage webhooks |
Rotating Keys¶
Regularly rotate your API keys for security:
- Create a new API key
- Update your applications to use the new key
- Test that everything works correctly
- Delete the old key
Error Responses¶
Invalid API Key¶
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid",
"details": {
"key_id": "key_1234567890"
}
}
}
Expired API Key¶
{
"success": false,
"error": {
"code": "EXPIRED_API_KEY",
"message": "The API key has expired",
"details": {
"expired_at": "2024-01-01T00:00:00Z"
}
}
}
Missing API Key¶
{
"success": false,
"error": {
"code": "MISSING_API_KEY",
"message": "API key is required",
"details": {
"header": "Authorization"
}
}
}
Best Practices¶
Security¶
- Never commit API keys to version control
- Use environment variables for configuration
- Rotate keys regularly (every 90 days)
- Monitor key usage for suspicious activity
- Use different keys for different environments
Rate Limiting¶
- Respect rate limits to avoid 429 errors
- Implement exponential backoff for retries
- Monitor usage to stay within limits
- Use appropriate timeouts for requests
Error Handling¶
async function makeAPIRequest(endpoint, data) {
try {
const response = await fetch(`https://api.example.com/v1/${endpoint}`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.API_KEY}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(data)
});
if (!response.ok) {
const error = await response.json();
switch (response.status) {
case 401:
throw new Error('Invalid API key. Please check your credentials.');
case 403:
throw new Error('Access denied. Check your API key permissions.');
case 429:
throw new Error('Rate limit exceeded. Please try again later.');
default:
throw new Error(`API Error: ${error.error.message}`);
}
}
return await response.json();
} catch (error) {
console.error('API request failed:', error.message);
throw error;
}
}
Next Steps¶
- Rate Limits - Understand usage limits
- Error Codes - Complete error reference
- Best Practices - Security recommendations
- SDKs - Official client libraries
Last update:
July 14, 2025
Created: July 14, 2025
Created: July 14, 2025