Docs/API Reference

API Reference

Authentication

Last updated May 28, 2026

Learn how to authenticate your requests to the Cencori API using API keys.

API Key Authentication

Cencori uses project API keys to authenticate requests. Your API key identifies your project and determines which security policies, rate limits, provider settings, and logs apply.

Your Cencori project key is not the same thing as an OpenAI, Anthropic, or Google provider key. Provider keys are configured separately in Project > Providers when your project uses BYOK.

Getting Your API Key

  1. Log in to the Cencori Dashboard
  2. Navigate to your project
  3. Go to the "API Keys" tab
  4. Click "Generate New Key"
  5. Copy the key immediately (it won't be shown again)

[!CAUTION] API keys are sensitive credentials. Never commit them to version control or expose them in client-side code.

Key Types

  • Project keys: csk_... or csk_test_...
  • Publishable keys: cpk_... or cpk_test_...
  • Agent-scoped keys: cake_... for agent runtime flows

Using API Keys

Include your API key when initializing the Cencori SDK. The SDK automatically adds the necessary authentication headers to all requests.

SDK Initialization

Codetext
import { Cencori } from "cencori";
 
export const cencori = new Cencori({
  apiKey: process.env.CENCORI_API_KEY!,
});

Direct HTTP Requests (AI & Memory)

If you're making direct HTTP requests to the AI or Memory endpoints, include your API key in the CENCORI_API_KEY header:

Codetext
curl https://cencori.com/api/ai/chat \
  -H "CENCORI_API_KEY: csk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Direct HTTP Requests (REST /api/v1)

For public /v1 endpoints on api.cencori.com, use the Authorization header:

Codetext
curl https://api.cencori.com/v1/metrics?period=24h \
  -H "Authorization: Bearer csk_..."

Environment Variables

Store your API keys in environment variables to keep them secure.

Local Development (.env)

Codetext
CENCORI_API_KEY=csk_...

Make sure to add .env to your .gitignore file.

Required Headers

When making direct API requests, include these headers:

  • AI & Memory endpoints: CENCORI_API_KEY: csk_... (preferred). Authorization: Bearer csk_... is also accepted.
  • OpenAI-compatible and REST endpoints (https://api.cencori.com/v1/*): Authorization: Bearer csk_... is preferred because OpenAI-compatible SDKs expect it.
  • Content-Type: application/json (required for POST)

Authentication Errors

StatusCodeDescription
401INVALID_API_KEYKey is invalid or has been revoked.
403INSUFFICIENT_PERMISSIONSKey lacks permission for this resource.
429RATE_LIMIT_EXCEEDEDYou have exceeded the rate limit.

Security Best Practices

  • Never expose keys in client-side code.
  • Use environment variables.
  • Rotate keys regularly (every 90 days recommended).
  • Revoke compromised keys immediately in the dashboard.
  • Use separate keys for different services and environments.