Get Started

  • Installation

  • Configuration

  • Authentication

  • Embedding

API References

  • Create new chatPOST

  • Get conversation historyGET

Authentication

Authentication with equilAI is straightforward. We use API keys to authenticate requests, which should be included in the request headers. This page covers best practices for managing your API keys securely.

API Key Authentication

How It Works

Authentication with equilAI uses a simple token-based approach. Include your API key in the Authorization header of your HTTP requests using the Bearer scheme.

// Example HTTP request with API key fetch('https://api.equilai.com/v1/analyze', { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': 'Bearer your_api_key_here' }, body: JSON.stringify({ text: 'Text to analyze' }) })

API Key Security Warning

Your API key provides access to your equilAI account and resources. Treat it like a password:

  • Never hardcode your API key directly in your application code.
  • Never commit your API key to version control systems like Git.
  • Never share your API key in public forums, screenshots, or videos.
  • Never expose your API key in client-side code that runs in browsers.

Using Environment Variables

The recommended way to handle API keys is using environment variables. This keeps your credentials out of your codebase and reduces the risk of accidental exposure.

// Node.js .env setup // 1. Install dotenv npm install dotenv // 2. Create a .env file in your project root // .env file content: EQUILAI_API_KEY=your_secret_api_key_here // 3. Load environment variables in your app require('dotenv').config(); // 4. Access your API key const apiKey = process.env.EQUILAI_API_KEY; // 5. Use the API key in your request const response = await fetch('https://api.equilai.com/v1/analyze', { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${apiKey}` }, body: JSON.stringify({ text: 'Your text to analyze' }) });

API Key Best Practices

Key Rotation

Periodically rotate your API keys, especially after team member changes or if you suspect a key has been compromised.

Version Control

Always use a .gitignore file to prevent environment files containing API keys from being committed to your repository.

Access Logs

Regularly review your equilAI dashboard for unusual API activity that could indicate a compromised key.

Least Privilege

Use separate API keys for different environments (development, staging, production) with appropriate access levels.

Server-Side vs. Client-Side Authentication

✓

Server-Side (Recommended)

Make API calls from your server and never expose your API key to the client. This approach is secure and recommended for production applications.

✗

Client-Side (Not Recommended)

Never use your API key directly in frontend code. If you need to make requests from a client application, create a backend endpoint that makes the API call with your key and return the results to the client.