Browse docs
Getting Started
Authentication
Use bearer tokens to authenticate every Public API request.
3 min read
Bearer tokens
Every request to the Public API must include an Authorization header containing a bearer token. Tokens are scoped to your workspace and are created from the Convoi AI dashboard, open the tab named "API keys" to generate a private (sk_live_) or public (pk_live_) key.
http
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxToken types
| Prefix | Type | Use case |
|---|---|---|
| sk_live_ | Private | Server-side only. Full access to your account's Public API. |
| pk_live_ | Public | Browser-safe. Restricted by allowed origins and agent allow-list. |
Failure modes
- 401 Unauthorized: header missing, malformed, or token revoked.
- 403 Forbidden: token is valid but lacks scope for the requested action (e.g. a public token attempting an unlisted agent).
- 429 Too Many Requests: rate limit or monthly quota exceeded.
Related in Getting Started