Authentication
All API requests must be authenticated.
API Keys
Get your API key from the dashboard.
Key Types
| Type | Prefix | Access |
|---|---|---|
| Secret (Live) | sk_live_ | Full access, production |
| Secret (Test) | sk_test_ | Full access, test environment |
| Public (Live) | pk_live_ | Read-only, client-safe |
| Public (Test) | pk_test_ | Read-only, test environment |
Using API Keys
Bearer Token (Recommended)
curl https://recall.brainzlab.ai/api/v1/logs \
-H "Authorization: Bearer sk_live_xxxxxxxx"
X-API-Key Header
curl https://recall.brainzlab.ai/api/v1/logs \
-H "X-API-Key: sk_live_xxxxxxxx"
Query Parameter
Not recommended. Keys may be logged in server access logs.
curl "https://recall.brainzlab.ai/api/v1/logs?api_key=sk_live_xxx"
Key Security
Never expose secret keys in client-side code!
Best Practices
- Use environment variables - Don’t hardcode keys
- Rotate regularly - Generate new keys periodically
- Use test keys - For development and testing
- Limit scope - Use read-only keys where possible
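A check that supports the practices above, as an added example (not Brainz Lab code): it scans source or access-log text for hardcoded secret keys and for any key passed in the `api_key` query parameter, using the prefixes from the Key Types table. The key body pattern, the `BRAINZ_API_KEY` variable name and the sample input are assumptions made for this example.

```python
import os
import re

# Prefixes come from the Key Types table. The key body format is not
# documented on this page; "8 or more alphanumerics" is an assumption.
KEY_RE = re.compile(r"\b(sk|pk)_(live|test)_[A-Za-z0-9]{8,}")
QUERY_RE = re.compile(r"[?&]api_key=([^&\s\"']+)")

def classify(key):
    """Return (kind, environment) for a key, or None if the prefix is unknown."""
    m = re.match(r"(sk|pk)_(live|test)_", key)
    return ("secret" if m.group(1) == "sk" else "public", m.group(2)) if m else None

def redact(key):
    """Keep only a recognised prefix so findings never re-expose the key."""
    return (key[:8] if classify(key) else "") + "[redacted]"

def scan(text):
    """Return (line_no, finding, redacted_key) tuples for risky key usage."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        in_query = {m.group(1) for m in QUERY_RE.finditer(line)}
        for key in sorted(in_query):
            # Any key in a URL can end up in server access logs.
            findings.append((no, "key_in_query_string", redact(key)))
        for m in KEY_RE.finditer(line):
            key = m.group(0)
            # Public keys are client-safe, so only secret literals are flagged.
            if key not in in_query and classify(key)[0] == "secret":
                findings.append((no, "hardcoded_secret_key", redact(key)))
    return findings

def key_from_env(var="BRAINZ_API_KEY", environ=os.environ):
    """Load the key from the environment (hypothetical variable name)."""
    key = environ.get(var, "")
    if classify(key) is None:
        raise RuntimeError(f"{var} is unset or lacks a known key prefix")
    return key

# Constructed sample input: two source lines, one env lookup, one access-log line.
SAMPLE = '''API_KEY = "sk_live_EXAMPLEKEY0001"
client_key = "pk_live_EXAMPLEKEY0002"
key = os.environ["BRAINZ_API_KEY"]
GET /api/v1/logs?api_key=sk_test_EXAMPLEKEY0003 HTTP/1.1
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```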
Revoking Keys
- Go to Dashboard > Settings > API Keys
- Click “Revoke” on the key
- Generate a new key
Revoked keys stop working immediately.
Service Tokens
For server-to-server communication between Brainz Lab services:
curl https://recall.brainzlab.ai/internal/api/v1/... \
-H "X-Service-Token: srv_xxxxxxxx"
Service tokens are only used for self-hosted deployments.
Error Responses
Invalid Key
{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid"
  }
}
Missing Key
{
  "error": {
    "code": "missing_api_key",
    "message": "No API key was provided"
  }
}
Expired Key
{
  "error": {
    "code": "expired_api_key",
    "message": "This API key has been revoked"
  }
}