Skip to main content

Authentication & API Keys

Manage access to Enclava's API with API keys and permissions.

What You'll Learn

Creating API Keys - Generate and configure keys
Management - Rotate and maintain keys
Permissions - Control access and capabilities

Authentication Methods

Enclava supports API key authentication for external client applications.

API Key Authentication

Used for: External client applications

Include Authorization: Bearer YOUR_API_KEY header in requests.

curl -H "Authorization: Bearer en_xxxxxxxx" \
  http://localhost/api/v1/chat/completions

Key Types

Full Access Keys

Access to all enabled features
All available models
Recommended for development and testing

Restricted Keys

Limited to specific models
Can have budget limits
Recommended for production deployments
Can be scoped to specific features

Security Best Practices

Never Commit Keys - Store in environment variables, not in code
Use Specific Keys - Create separate keys for different apps
Rotate Regularly - Revoke and regenerate keys periodically
Monitor Usage - Track which keys are using which resources
Set Budgets - Limit potential financial exposure
Revoke Unused Keys - Delete keys that are no longer needed

Next Steps

Create Your First API Key - Start making API calls
OpenAI Compatible API - Use keys with standard clients

What You'll Learn
Authentication Methods
- API Key Authentication
Key Types
- Full Access Keys
- Restricted Keys
Security Best Practices
Next Steps