Bearer Token Authentication
All API requests require authentication using a Bearer token in the Authorization header.
Authorization: Bearer YOUR_API_KEY
Making Authenticated Requests
Include your API key in every request:
curl -X POST https://api.ardie.ai/kb/{kb_id}/query \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "Your question here"}'
Key Scoping
Each API key is scoped to a single knowledge base. This means:
- You can only query the knowledge base the key was issued for
- Attempting to query a different knowledge base returns
403 Forbidden
- If you have access to multiple knowledge bases, you’ll have separate keys for each
Authentication Errors
| Status Code | Error | Description |
|---|
401 Unauthorized | missing_api_key | No Authorization header provided |
401 Unauthorized | invalid_api_key | The API key is malformed or doesn’t exist |
403 Forbidden | key_scope_mismatch | The key doesn’t have access to this knowledge base |
403 Forbidden | key_revoked | The API key has been revoked |
{
"error": "invalid_api_key",
"message": "The provided API key is invalid or has been revoked."
}
Security Best Practices
Never expose your API key in client-side code, public repositories, or logs.
Use Environment Variables
Store keys in environment variables:export ARDIE_API_KEY="ardie_sk_live_..."
Server-Side Only
Make API calls from your backend, never from browsers or mobile apps.
Rotate if Compromised
If a key is exposed, revoke it immediately from your Dashboard and generate a new one.
Next Steps
(7).png?fit=max&auto=format&n=6FZsVQ5mPkveKHn2&q=85&s=46e497b52f808bab8589207e29abb2e1){kind=logo}
(6).png?fit=max&auto=format&n=3Dv90z8s7pwEMiZV&q=85&s=5b1b766bf867af4abce636e36c001b97){kind=logo}