Authentication
Alphagent uses API keys to authenticate requests. Manage your keys securely to protect your account and control access to the API.
#API Keys
Your API key authenticates all requests to Alphagent. Create and manage keys from your Dashboard. For usage examples, see the Quick Start guide.
ik_live_••••••••••••••••••••...#Environment Variables
Never hardcode API keys in source code. Use environment variables to keep keys secure and out of version control.
ALPHAGENT_API_KEY=sk_live_your_key_here
Using environment variables in code
See the Quick Start guide for complete examples
#Security Best Practices
Keep keys server-side only
Never expose API keys in client-side code, mobile apps, or browser JavaScript. Always make API calls from your backend server.
Rotate keys periodically
Generate new API keys regularly and revoke old ones. If you suspect a key has been compromised, revoke it immediately from the Dashboard.
Use separate keys per environment
Create different API keys for development, staging, and production. This limits blast radius if a key is leaked.
#Revoking Keys
If an API key is compromised or no longer needed, revoke it immediately:
- 1.Go to your Dashboard
- 2.Navigate to Settings → API Keys
- 3.Click Revoke next to the compromised key
- 4.Generate a new key and update your environment variables
Revocation is immediate
Once revoked, all requests using that key will fail immediately. Make sure to update your application with the new key before revoking the old one.