Authentication
Pass a Bearer API key on every request.
Every request needs your key in the Authorization header.
Authorization: Bearer sai_sk_your_key_hereCreate, name, and revoke keys on the API keys page. A missing or bad key returns 401; a revoked or expired one returns 403.
The full key is shown once, at creation. Treat it like a password: keep it server-side, never in client code or a repo. Lost it? Revoke and make a new one.
Rate limits
Each response carries your rate-limit state in headers.
| Header | Meaning |
|---|---|
X-RateLimit-Limit | Requests allowed per minute. |
X-RateLimit-Remaining | Requests left this minute. |
X-RateLimit-Reset | Unix time when the window resets. |
Over the limit returns 429 with a Retry-After header. Back off until it passes, then retry. Limits are per key, so give separate workloads separate keys.