Docs/API Reference

API Reference

Authentication

Last updated March 3, 2026

Learn how to authenticate your requests to the Cencori API using API keys.

API Key Authentication

Cencori uses API keys to authenticate requests. Your API key identifies your project and determines which security policies and rate limits apply.

Getting Your API Key

  1. Log in to the Cencori Dashboard
  2. Navigate to your project
  3. Go to the "API Keys" tab
  4. Click "Generate New Key"
  5. Copy the key immediately (it won't be shown again)

[!CAUTION] API keys are sensitive credentials. Never commit them to version control or expose them in client-side code.

Using API Keys

Include your API key when initializing the Cencori SDK. The SDK automatically adds the necessary authentication headers to all requests.

SDK Initialization

Codetext
import { Cencori } from "cencori";
 
export const cencori = new Cencori({
  apiKey: process.env.CENCORI_API_KEY!,
});

Direct HTTP Requests (AI & Memory)

If you're making direct HTTP requests to the AI or Memory endpoints, include your API key in the CENCORI_API_KEY header:

Codetext
curl https://cencori.com/api/ai/chat \
  -H "CENCORI_API_KEY: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Direct HTTP Requests (REST /api/v1)

For REST endpoints under /api/v1, use the Authorization header:

Codetext
curl https://cencori.com/api/v1/metrics?period=24h \
  -H "Authorization: Bearer YOUR_API_KEY"

Environment Variables

Store your API keys in environment variables to keep them secure.

Local Development (.env)

Codetext
CENCORI_API_KEY=cen_your_api_key_here

Make sure to add .env to your .gitignore file.

Required Headers

When making direct API requests, include these headers:

  • AI & Memory endpoints: CENCORI_API_KEY: YOUR_API_KEY (preferred). Authorization: Bearer YOUR_API_KEY is also accepted.
  • REST endpoints (/api/v1/*): Authorization: Bearer YOUR_API_KEY (required)
  • Content-Type: application/json (required for POST)

Authentication Errors

StatusCodeDescription
401INVALID_API_KEYKey is invalid or has been revoked.
403INSUFFICIENT_PERMISSIONSKey lacks permission for this resource.
429RATE_LIMIT_EXCEEDEDYou have exceeded the rate limit.

Security Best Practices

  • Never expose keys in client-side code.
  • Use environment variables.
  • Rotate keys regularly (every 90 days recommended).
  • Revoke compromised keys immediately in the dashboard.
  • Use separate keys for different services and environments.