ACAI

© 2026 Agile Cloud & AI LLC. All rights reserved.

Authentication

All API requests require a Bearer token. Generate keys in the dashboard and include them in every request.

API Key Format

API keys are prefixed with dai_ followed by a random string. Example:

dai_a1b2c3d4e5f6...

Keys are shown once at creation. Store them securely: we persist only a SHA-256 hash, so a lost key cannot be retrieved and must be replaced with a new one.

Using Your Key

Pass the key in the Authorization header as a Bearer token:

Authorization: Bearer dai_a1b2c3d4e5f6...

With the OpenAI SDK, set it as the api_key parameter:

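from openai import OpenAI

# Placeholder key shown for illustration; in real code load it from the
# DIRECTAI_API_KEY environment variable (see Security Best Practices).
client = OpenAI(
    base_url="https://api.agilecloud.ai/v1",
    api_key="dai_a1b2c3d4e5f6...",
)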

Error Responses

Missing or invalid keys return a 401 Unauthorized response with a WWW-Authenticate: Bearer header:

{
  "error": {
    "message": "Invalid or missing API key",
    "type": "authentication_error",
    "code": "invalid_api_key"
  }
}

Key Management

  • Create — Generate new keys in Dashboard → API Keys
  • Revoke — Instantly invalidate a key. Revoked keys return 401 immediately.
  • Rotate — Create a new key, update your client, then revoke the old one.

Security Best Practices

  • Never commit API keys to source control
  • Use environment variables: DIRECTAI_API_KEY
  • Rotate keys regularly — at minimum every 90 days
  • Use separate keys for development and production
  • Revoke keys immediately if compromised
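
The "never commit API keys to source control" rule above can be enforced with a pre-commit style check for literal dai_ keys. This is an added example, not code from the service or its documentation; the key character set and minimum length in KEY_RE are assumptions (the page states only the dai_ prefix), and the sample key is constructed.

```python
import hashlib
import re
import sys

# Assumption: the page documents only the "dai_" prefix and "a random string".
# The character set and 20-character minimum are guesses; tune to real keys.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])dai_[A-Za-z0-9]{20,}")


def fingerprint(key: str) -> str:
    """Short SHA-256 fingerprint so a finding can be logged without the key."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def scan_text(text: str, source: str = "<input>") -> list[dict]:
    """Return one finding per literal key, with the secret itself redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(0)
            findings.append({
                "source": source,
                "line": lineno,
                "redacted": key[:8] + "*" * (len(key) - 8),
                "sha256_12": fingerprint(key),
            })
    return findings


# Constructed sample: one hard-coded key, one env lookup, one docs placeholder.
SAMPLE = '''\
client = OpenAI(api_key="dai_Zx81kQpL0mTn47RbYc2VhJ9s")
api_key = os.environ["DIRECTAI_API_KEY"]
# example from the docs: dai_a1b2c3d4e5f6...
'''


def main(paths: list[str]) -> int:
    findings = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            findings += scan_text(fh.read(), path)
    for f in findings:
        print(f"{f['source']}:{f['line']}: API key {f['redacted']} "
              f"(sha256 {f['sha256_12']})")
    return 1 if findings else 0  # non-zero exit blocks the commit


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it over the staged files from a pre-commit hook; a key it reports should be treated as compromised and revoked, since it has already been written to disk in plain text.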