Authentication

Use bearer tokens to authenticate every Public API request.

3 min read

Bearer tokens

Every request to the Public API must include an Authorization header containing a bearer token. Tokens are issued from your dashboard and are scoped to your workspace.

http

Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx

Token types

Prefix	Type	Use case
sk_live_	Private	Server-side only. Full access to your account's Public API.
pk_live_	Public	Browser-safe. Restricted by allowed origins and agent allow-list.

Failure modes

401 Unauthorized: header missing, malformed, or token revoked.
403 Forbidden: token is valid but lacks scope for the requested action (e.g. a public token attempting an unlisted agent).
429 Too Many Requests: rate limit or monthly quota exceeded.

Related in Getting Started

Introduction
Welcome to the Convoi AI Public API, what it is, how it's organized, and where to start.
Quickstart
Make your first API call in under five minutes.