Authentication

Learn how to authenticate API requests

API Keys

Antinium uses API keys for authentication. Each API key is associated with your account and workspace, and has specific permissions.

Creating an API Key

  1. Go to Settings → API Keys
  2. Click "Create API Key"
  3. Give your key a name (e.g., "Production API", "Development")
  4. Select permissions (read, write, or full access)
  5. Click "Create"
  6. Copy the key immediately - you won't be able to see it again

Important: API keys are only shown once when created. If you lose a key, you'll need to create a new one and revoke the old one.

Using API Keys

Include your API key in the Authorization header of all requests:

Authorization: Bearer YOUR_API_KEY

Example with cURL

curl -X GET https://api.antinium.dev/v1/documents \
  -H "Authorization: Bearer ant_1234567890abcdef"

Example with JavaScript

const response = await fetch('https://api.antinium.dev/v1/documents', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});

Key Permissions

Read Only

Can read documents, translations, and workspace data. Cannot create, update, or delete anything.

Read & Write

Can read and modify documents, create translations, and manage content. Cannot manage workspace settings or members.

Full Access

Complete access to all API endpoints, including workspace management. Use with caution.

Managing API Keys

Viewing Keys

You can see all your API keys in Settings → API Keys. The keys themselves are masked for security (only the last 4 characters are shown).

Revoking Keys

  1. Go to Settings → API Keys
  2. Find the key you want to revoke
  3. Click "Revoke"
  4. Confirm the action
  5. The key will immediately stop working

Renaming Keys

You can rename API keys to better organize them (e.g., "Production", "Staging", "Development").

Security Best Practices

  • Never commit keys to version control: Use environment variables or secret management tools
  • Use different keys for different environments: Separate keys for development, staging, and production
  • Rotate keys regularly: Create new keys and revoke old ones periodically
  • Use minimal permissions: Only grant the permissions needed for each key
  • Monitor key usage: Check API logs regularly for suspicious activity
  • Revoke compromised keys immediately: If a key is exposed, revoke it right away

Error Responses

Authentication errors return a 401 status code:

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Common authentication errors:

  • Missing API key: No Authorization header provided
  • Invalid API key: Key doesn't exist or has been revoked
  • Insufficient permissions: Key doesn't have permission for the requested operation
  • Expired key: Key has expired (if expiration was set)
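
The following is an added example, not Antinium's own code: it reads the key from an environment variable as the Security Best Practices section recommends, and handles the 401 error envelope shown above without ever logging the full key. The variable name ANTINIUM_API_KEY, the function names, and the JSON success body are assumptions.

```javascript
// Added example. ANTINIUM_API_KEY, readKey, maskKey and listDocuments are
// assumed names, not part of the Antinium API or SDK.

// Read the key from the environment so it never appears in source control.
function readKey(env = process.env) {
  const key = (env.ANTINIUM_API_KEY || '').trim();
  if (!key) throw new Error('ANTINIUM_API_KEY is not set');
  return key;
}

// Keep only the last 4 characters, matching what Settings → API Keys shows,
// so a log line identifies the key without disclosing it.
function maskKey(key) {
  return key.length <= 4 ? '****' : '*'.repeat(key.length - 4) + key.slice(-4);
}

// GET /v1/documents. fetchImpl is injectable so the 401 path can be
// exercised offline with a stub.
async function listDocuments(env = process.env, fetchImpl = fetch) {
  const key = readKey(env);
  const res = await fetchImpl('https://api.antinium.dev/v1/documents', {
    headers: { Authorization: `Bearer ${key}` },
  });
  if (res.status === 401) {
    // Documented envelope: { success: false, error: { code, message } }
    const body = await res.json().catch(() => ({}));
    const err = new Error(
      `${body.error?.message ?? 'Authentication failed'} (key ${maskKey(key)})`
    );
    err.code = body.error?.code ?? 'UNAUTHORIZED';
    throw err;
  }
  if (!res.ok) throw new Error(`Unexpected HTTP ${res.status}`);
  return res.json(); // assumption: successful responses are JSON
}
```

On a 401, compare the masked suffix in the error with the entries under Settings → API Keys to see which key was rejected.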
