Authentication

All API requests require authentication using an API key.

API Keys

API keys are created and managed in your dashboard. Each key has the following format:

sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keep your API keys secure! Never expose them in client-side code, public repositories, or share them with others.

Using API Keys

Include your API key in the Authorization header of every request:

import OpenAI from 'openai';

const client = new OpenAI({
  baseURL: 'https://api.assistantrouter.com/v1',
  apiKey: process.env.ASSISTANTROUTER_API_KEY, // sk-xxx...
});

from openai import OpenAI

client = OpenAI(
    base_url="https://api.assistantrouter.com/v1",
    api_key=os.environ["ASSISTANTROUTER_API_KEY"],  # sk-xxx...
)

curl https://api.assistantrouter.com/v1/chat/completions \
  -H "Authorization: Bearer $ASSISTANTROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"assistant_id": "your-assistant-uuid", "messages": [{"role": "user", "content": "Hello!"}]}'

Key Management

Creating Keys

Go to Settings > API Keys in the dashboard
Click Create API Key
Enter a descriptive name
Optionally set an expiration date
Copy the key immediately (it won't be shown again)

Revoking Keys

If a key is compromised:

Go to Settings > API Keys
Find the key and click Revoke
Create a new key and update your applications

Revoking a key is immediate and irreversible. All requests using the revoked key will fail.

Best Practices

Use environment variables - Never hardcode API keys in your code
Rotate keys regularly - Create new keys and deprecate old ones periodically
Use separate keys per environment - Different keys for development, staging, and production
Set expiration dates - Keys can be configured to expire automatically
Monitor usage - Review API key usage in the dashboard to detect anomalies

Error Responses

Invalid or missing authentication returns a 401 Unauthorized error:

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided",
    "request_id": "req_abc123"
  }
}

Common authentication errors:

Code	Description
`authentication_error`	The API key is invalid, missing, or malformed
`authorization_error`	Valid key but insufficient permissions for this workspace

Request Headers

Every response includes useful headers:

Header	Description
`X-Request-ID`	Unique request identifier for debugging
`X-RateLimit-Limit`	Maximum requests in current window
`X-RateLimit-Remaining`	Remaining requests in current window
`X-RateLimit-Reset`	Unix timestamp when window resets

Authentication

All API requests require authentication using an API key.

API Keys

API keys are created and managed in your dashboard. Each key has the following format:

sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Keep your API keys secure! Never expose them in client-side code, public repositories, or share them with others.

Using API Keys

Include your API key in the Authorization header of every request:

import OpenAI from 'openai';

const client = new OpenAI({
  baseURL: 'https://api.assistantrouter.com/v1',
  apiKey: process.env.ASSISTANTROUTER_API_KEY, // sk-xxx...
});

from openai import OpenAI

client = OpenAI(
    base_url="https://api.assistantrouter.com/v1",
    api_key=os.environ["ASSISTANTROUTER_API_KEY"],  # sk-xxx...
)

curl https://api.assistantrouter.com/v1/chat/completions \
  -H "Authorization: Bearer $ASSISTANTROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"assistant_id": "your-assistant-uuid", "messages": [{"role": "user", "content": "Hello!"}]}'

Key Management

Creating Keys

Go to Settings > API Keys in the dashboard
Click Create API Key
Enter a descriptive name
Optionally set an expiration date
Copy the key immediately (it won't be shown again)

Revoking Keys

If a key is compromised:

Go to Settings > API Keys
Find the key and click Revoke
Create a new key and update your applications

Revoking a key is immediate and irreversible. All requests using the revoked key will fail.

Best Practices

Use environment variables - Never hardcode API keys in your code
Rotate keys regularly - Create new keys and deprecate old ones periodically
Use separate keys per environment - Different keys for development, staging, and production
Set expiration dates - Keys can be configured to expire automatically
Monitor usage - Review API key usage in the dashboard to detect anomalies

Error Responses

Invalid or missing authentication returns a 401 Unauthorized error:

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid API key provided",
    "request_id": "req_abc123"
  }
}

Common authentication errors:

Code	Description
`authentication_error`	The API key is invalid, missing, or malformed
`authorization_error`	Valid key but insufficient permissions for this workspace

Request Headers

Every response includes useful headers:

Header	Description
`X-Request-ID`	Unique request identifier for debugging
`X-RateLimit-Limit`	Maximum requests in current window
`X-RateLimit-Remaining`	Remaining requests in current window
`X-RateLimit-Reset`	Unix timestamp when window resets

Authentication

Authentication

API Keys

Using API Keys

Key Management

Creating Keys

Revoking Keys

Best Practices

Error Responses

Request Headers

On this page

Authentication

Authentication

API Keys

Using API Keys

Key Management

Creating Keys

Revoking Keys

Best Practices

Error Responses

Request Headers

On this page