Authentication
All API requests require a Bearer token. Generate keys in the dashboard and include them in every request.
API Key Format
API keys are prefixed with dai_ followed by a random string. Example:
dai_a1b2c3d4e5f6...
Keys are shown once at creation. Store them securely — we only persist a SHA-256 hash.
Using Your Key
Pass the key in the Authorization header as a Bearer token:
Authorization: Bearer dai_a1b2c3d4e5f6...
With the OpenAI SDK, set it as the api_key parameter:
client = OpenAI(
base_url="https://api.agilecloud.ai/v1",
api_key="dai_a1b2c3d4e5f6...",
)Error Responses
Missing or invalid keys return a 401 Unauthorized response with a WWW-Authenticate: Bearer header:
{
"error": {
"message": "Invalid or missing API key",
"type": "authentication_error",
"code": "invalid_api_key"
}
}Key Management
- Create — Generate new keys in Dashboard → API Keys
- Revoke — Instantly invalidate a key. Revoked keys return 401 immediately.
- Rotate — Create a new key, update your client, then revoke the old one.
Security Best Practices
- Never commit API keys to source control
- Use environment variables:
DIRECTAI_API_KEY - Rotate keys regularly — at minimum every 90 days
- Use separate keys for development and production
- Revoke keys immediately if compromised