API Authentication

Learn how to authenticate and secure your API requests with AyAgent

Overview

AyAgent API uses API key authentication to secure your requests. All API requests must include a valid API key in the request headers. This guide will walk you through obtaining your API key, making authenticated requests, and following security best practices.

Security Notice

Keep your API keys secure and never expose them in client-side code. Always make API calls from your backend server or secure environment.

Getting Your API Key

To obtain your API key, follow these steps:

  1. Log in to your AyAgent dashboard
  2. Navigate to Settings → API Keys
  3. Click "Generate New API Key"
  4. Give your key a descriptive name
  5. Copy and securely store your API key
Important

Your API key will only be displayed once. Make sure to copy and store it securely before leaving the page. If you lose your key, you'll need to generate a new one.

Authentication Methods

AyAgent supports the following authentication methods:

API Key in Header

Include your API key in the Authorization header with the Bearer prefix:

cURL Example
bash
curl -X GET "https://api.ayagent.com/v1/agents" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

API Key in Query Parameter

Alternatively, you can include your API key as a query parameter (not recommended for production):

Query Parameter Example
bash
curl -X GET "https://api.ayagent.com/v1/agents?api_key=YOUR_API_KEY"

Making Authenticated Requests

Here are examples of making authenticated requests in different programming languages:

JavaScript/Node.js

JavaScript Example
javascript
const axios = require('axios');

const apiKey = process.env.AYAGENT_API_KEY;
const baseURL = 'https://api.ayagent.com/v1';

const client = axios.create({
  baseURL,
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

// Get all agents
async function getAgents() {
  try {
    const response = await client.get('/agents');
    return response.data;
  } catch (error) {
    console.error('Error:', error.response.data);
  }
}

Python

Python Example
python
import requests
import os

api_key = os.getenv('AYAGENT_API_KEY')
base_url = 'https://api.ayagent.com/v1'

headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

# Get all agents
def get_agents():
    response = requests.get(f'{base_url}/agents', headers=headers)
    if response.status_code == 200:
        return response.json()
    else:
        print(f'Error: {response.status_code} - {response.text}')
        return None

Response Codes

The API returns standard HTTP status codes to indicate the success or failure of requests:

HTTP Status Codes

200Success - Request completed successfully
201Created - Resource created successfully
400Bad Request - Invalid request parameters
401Unauthorized - Invalid or missing API key
403Forbidden - Insufficient permissions
429Rate Limited - Too many requests
500Server Error - Internal server error

Rate Limits

To ensure fair usage and maintain service quality, the AyAgent API implements rate limiting:

  • Standard Plan: 1,000 requests per hour
  • Pro Plan: 5,000 requests per hour
  • Enterprise Plan: 10,000 requests per hour

Rate limit information is included in response headers:

Rate Limit Headers
http
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

Security Best Practices

  • Environment Variables: Store API keys in environment variables, never in code
  • Server-Side Only: Never expose API keys in client-side applications
  • Rotate Keys: Regularly rotate your API keys
  • Monitor Usage: Monitor API usage for unusual activity
  • Use HTTPS: Always use HTTPS for API requests
  • Restrict Access: Use IP whitelisting when possible
API Reference
Explore all available API endpoints and parameters
View API Reference
SDKs & Libraries
Use our official SDKs for easier integration