Authentication
All Knowhere API requests require authentication using an API key.
Getting Your API Key
- Sign in to the Knowhere Dashboard
- Navigate to API Keys section
- Click Create New Key
- Copy and securely store your key
caution
Your API key grants full access to your account. Keep it secure and never share it publicly or commit it to version control.
Using Your API Key
Include your API key in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEY
Example Request
- cURL
- Python
- Node.js
curl https://api.knowhereto.ai/v1/jobs \
-H "Authorization: Bearer sk_live_abc123..."
import requests
import os
api_key = os.environ.get("KNOWHERE_API_KEY")
response = requests.get(
"https://api.knowhereto.ai/v1/jobs",
headers={"Authorization": f"Bearer {api_key}"}
)
const apiKey = process.env.KNOWHERE_API_KEY;
const response = await fetch('https://api.knowhereto.ai/v1/jobs', {
headers: {
'Authorization': `Bearer ${apiKey}`
}
});
API Key Format
Knowhere API keys follow this format:
| Prefix | Environment | Example |
|---|---|---|
sk_live_ | Production | sk_live_abc123def456... |
sk_test_ | Testing/Sandbox | sk_test_xyz789ghi012... |
Authentication Errors
If authentication fails, you'll receive a 401 Unauthorized response:
{
"success": false,
"error": {
"code": "UNAUTHENTICATED",
"message": "Invalid or missing API key",
"request_id": "req_abc123"
}
}
Common Causes
| Issue | Solution |
|---|---|
Missing Authorization header | Add the header to your request |
| Invalid key format | Ensure key starts with sk_live_ or sk_test_ |
| Expired or revoked key | Generate a new key in the dashboard |
Incorrect Bearer prefix | Use Bearer YOUR_KEY, not just the key |
Best Practices
1. Use Environment Variables
Never hardcode API keys in your source code:
# Set in your environment
export KNOWHERE_API_KEY="sk_live_abc123..."
- Python
- Node.js
import os
api_key = os.environ.get("KNOWHERE_API_KEY")
const apiKey = process.env.KNOWHERE_API_KEY;
2. Use Different Keys for Different Environments
- Use
sk_test_keys for development and testing - Use
sk_live_keys only in production
3. Rotate Keys Regularly
- Generate new keys periodically
- Revoke old keys after rotation
- Update all services using the old key
4. Monitor Key Usage
- Check the dashboard for unusual activity
- Set up alerts for high usage patterns
- Review access logs regularly
Revoking Keys
To revoke a compromised or unused API key:
- Go to Dashboard > API Keys
- Find the key you want to revoke
- Click Revoke
- Confirm the action
warning
Revoking a key is immediate and permanent. All requests using that key will fail instantly.
Rate Limits
API keys are subject to rate limiting. See Billing & Limits for details.