
Token Authentication

The Outbound API uses the standard Bearer Token mechanism for authentication.

Header Format

Authorization: Bearer YOUR_API_KEY

Token Security Standards

1. Principle of Least Privilege

If you distribute the API Key to external partners, restrict the following for that Key in the console:
  • Model Scope: Only allow calls to specific models.
  • Expiration Time: Set short-term expiration to reduce risk.
  • IP Whitelist: Restrict the IP addresses of the caller.

2. No Client-Side Hardcoding

Never hard-code the sk- token in frontend JavaScript or mobile app code. All API calls should be proxied through a backend server, or use our secure distribution system to generate short-lived tokens.
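
The backend-proxy pattern described above, as an added example (not code from this service or its SDK). The upstream URL, the OUTBOUND_API_KEY environment variable, the model name and the JSON body's `model` field are assumptions made for illustration.

```javascript
// Server-side only: the sk- key is read from the environment and never sent to the browser.
const UPSTREAM_URL = "https://api.example.invalid/v1/chat/completions"; // placeholder URL (assumption)
const ALLOWED_MODELS = new Set(["model-a"]); // hypothetical model name (assumption)
const FORWARDED_HEADERS = new Set(["accept", "x-request-id"]); // allowlist of client headers

// Build the upstream request from what the client sent.
// Any Authorization header supplied by the client is dropped and replaced.
function buildUpstreamRequest(clientHeaders, clientBody, env = process.env) {
  const apiKey = env.OUTBOUND_API_KEY; // assumed variable name
  if (!apiKey) throw new Error("OUTBOUND_API_KEY is not set on the server");

  // Enforce model scope at the proxy as well as in the console.
  if (typeof clientBody !== "object" || clientBody === null ||
      !ALLOWED_MODELS.has(clientBody.model)) {
    return { ok: false, status: 403, error: "model not allowed" };
  }

  const headers = {};
  for (const [name, value] of Object.entries(clientHeaders || {})) {
    const lower = name.toLowerCase();
    if (FORWARDED_HEADERS.has(lower)) headers[lower] = value;
  }
  headers["authorization"] = `Bearer ${apiKey}`;
  headers["content-type"] = "application/json";

  return {
    ok: true,
    url: UPSTREAM_URL,
    init: { method: "POST", headers, body: JSON.stringify(clientBody) },
  };
}

// Forward the call and hand back only status and body, so the key
// cannot leak to the client through echoed request headers.
async function forward(clientHeaders, clientBody) {
  const req = buildUpstreamRequest(clientHeaders, clientBody);
  if (!req.ok) return { status: req.status, body: JSON.stringify({ error: req.error }) };
  const res = await fetch(req.url, req.init); // global fetch, Node 18+
  return { status: res.status, body: await res.text() };
}
```

Call forward() from the route handler of whatever web framework the backend uses; the frontend talks only to that route.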

3. Data Privacy

We do not store your conversation content. The API acts only as a high-performance relay node; conversation content flows through memory and is passed directly to the underlying service provider.

Monitoring and Auditing

You can monitor the details of each API call in real time on the “Logs” page in the console. If you have any security questions, please email support@aiid.edu.kg.