SensAI Docs

Authentication

Learn how to authenticate your requests to the SensAI API using API keys and Bearer tokens.

Authentication Methods

SensAI supports two authentication mechanisms depending on your use case:

Bearer Token Authentication

For programmatic API access, include your API key as a Bearer token in the Authorization header of every request:

curl -X POST https://api.sensai.jmrinfotech.com/api/v1/chat/stream \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "openai/gpt-4o", "messages": [{"role": "user", "content": "Hello"}]}'

API keys are generated from your SensAI dashboard under Settings > API Keys. Each key is scoped to your account and can be revoked at any time.

Session-Based Authentication

The SensAI web application uses Better-Auth for session-based authentication. When you sign in through the web interface, a secure HTTP-only session cookie is set automatically. This session is validated on each request through the authentication middleware.

Session-based auth is primarily used by the frontend application and is not recommended for external API integrations.

Security Best Practices

  • Never expose API keys in client-side code, browser console, or public repositories
  • Use environment variables to store your keys in server-side applications
  • Rotate keys regularly and revoke any keys that may have been compromised
  • Use separate keys for development and production environments

Rate Limiting

API requests are subject to rate limiting based on your account tier. If you exceed the rate limit, the API will return a 429 Too Many Requests response. Include appropriate retry logic with exponential backoff in your integration.
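
The following is an added example, not SensAI's own code, showing the retry logic described above together with the environment-variable key storage from the best practices list. The variable name SENSAI_API_KEY, the helper names, and the possibility that a 429 response carries a standard Retry-After header are assumptions; the endpoint is the one from the curl example.

```python
import json
import os
import random
import time
import urllib.error
import urllib.request

API_URL = "https://api.sensai.jmrinfotech.com/api/v1/chat/stream"  # from the curl example


def http_post(url, headers, body):
    """Send one POST; return (status, headers, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers, err.read()


def backoff_delay(attempt, retry_after=None, base=1.0, cap=30.0):
    """Seconds to wait before retry `attempt` (0-based): server hint, else capped full jitter."""
    if retry_after is not None:
        try:
            return min(cap, max(0.0, float(retry_after)))
        except ValueError:
            pass  # HTTP-date form or malformed value: fall back to computed backoff
    return random.uniform(0, min(cap, base * 2 ** attempt))


def post_chat(payload, send=http_post, sleep=time.sleep, max_retries=5):
    """POST with Bearer auth; retry only on 429. The key is never logged or echoed."""
    key = os.environ.get("SENSAI_API_KEY")  # assumed variable name, set server-side
    if not key:
        raise RuntimeError("SENSAI_API_KEY is not set")
    headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
    body = json.dumps(payload).encode()
    for attempt in range(max_retries + 1):
        status, resp_headers, data = send(API_URL, headers, body)
        if status != 429:
            return status, data  # other errors (e.g. 401) are returned, not retried
        if attempt == max_retries:
            break
        sleep(backoff_delay(attempt, resp_headers.get("Retry-After")))
    raise RuntimeError(f"rate limited after {max_retries} retries")
```

The `send` and `sleep` parameters exist so the retry path can be exercised without network access or real delays.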