Skip to main content

Bearer Token Authentication

All API requests require authentication using a Bearer token in the Authorization header. 
Authorization: Bearer YOUR_API_KEY

Making Authenticated Requests

Include your API key in every request: 
curl -X POST https://api.ardie.ai/kb/{kb_id}/query \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"query": "Your question here"}'

Key Scoping

Each API key is scoped to a single knowledge base. This means:
  • You can only query the knowledge base the key was issued for
  • Attempting to query a different knowledge base returns 403 Forbidden
  • If you have access to multiple knowledge bases, you’ll have separate keys for each

Authentication Errors

Status CodeErrorDescription
401 Unauthorizedmissing_api_keyNo Authorization header provided
401 Unauthorizedinvalid_api_keyThe API key is malformed or doesn’t exist
403 Forbiddenkey_scope_mismatchThe key doesn’t have access to this knowledge base
403 Forbiddenkey_revokedThe API key has been revoked
Example error response: 
{
  "error": "invalid_api_key",
  "message": "The provided API key is invalid or has been revoked."
}

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.
1

Use Environment Variables

Store keys in environment variables:
export ARDIE_API_KEY="ardie_sk_live_..."
2

Server-Side Only

Make API calls from your backend, never from browsers or mobile apps.
3

Rotate if Compromised

If a key is exposed, revoke it immediately from your Dashboard and generate a new one.

Next Steps

Query Endpoint

Start querying knowledge bases

Rate Limits

Understand usage limits