Authentication
Authentication & Security
Secure your API requests with API key authentication.
API Key Authentication
All API requests must include your API key in the X-API-Key header.
# Required Header X-API-Key: your_api_key_here
Correct
curl -X POST api.url/v1/extract \ -H "X-API-Key: sk_live_xxx"
❌ Incorrect
curl -X POST api.url/v1/extract \ -d "api_key=sk_live_xxx"
Getting Your API Key
- Log in to your Dashboard
- Click "Generate API Key"
- Copy the key immediately - it won't be shown again
- Store securely in environment variables
# .env file (never commit this!) SYNCAI_API_KEY=sk_live_xxxxxxxxxxxxxxxx
Security Best Practices
⚠️ NEVER Expose Your API Key
Never include your API key in frontend client-side code (JavaScript, React, Vue, etc.). Anyone can view source code in the browser and steal your key.
Backend Only
Always call SyncAI from your server-side code (Python, Node.js, Go, etc.)
Environment Variables
Store API keys in environment variables, never in code
Rotate Keys
If you suspect a key is compromised, revoke it immediately in Dashboard
Separate Keys
Use different API keys for development and production
Rate Limits
| Tier | Requests/min | File Size |
|---|---|---|
| Pilot (Free) | 10 | 10MB |
| Growth | 100 | 25MB |
| Enterprise | Unlimited | 100MB |