Guides

Authentication

Suggest Edits

Authentication

The Flyflow API uses API keys to authenticate requests. Each API request must include an API key in the Authorization header to be authenticated and processed by the Flyflow server.

API Key

To obtain an API key, you can either sign up for a Flyflow account on the Flyflow dashboard or contact the Flyflow support team. Once you have an API key, you need to include it in the Authorization header of each API request.

The API key should be prefixed with Bearer followed by a space and then the actual key. For example:

Authorization: Bearer your_api_key

Authenticating Requests

cURL Example

Here's an example of making an authenticated request to the Flyflow API using cURL:

curl -X GET \
  -H "Authorization: Bearer your_api_key" \
  -H "Content-Type: application/json" \
  "https://api.flyflow.dev/v1/agents"

In this example, replace your_api_key with your actual API key.

Python Client Example

If you're using the Flyflow Python Client, you can authenticate your requests by providing the API key when initializing the client:

from flyflowclient import Flyflow

client = Flyflow(api_key='your_api_key')

Alternatively, you can set the FLYFLOW_API_KEY environment variable, and the client will automatically use it for authentication:

import os
from flyflowclient import Flyflow

os.environ['FLYFLOW_API_KEY'] = 'your_api_key'
client = Flyflow()

Once the client is initialized with the API key, all subsequent requests made through the client will include the necessary authentication headers.

Error Handling

If you make a request to the Flyflow API without providing an API key or with an invalid API key, the server will respond with a 401 Unauthorized status code. The response body will include an error message indicating the authentication failure.

Here's an example error response:

{
  "error": "Unauthorized",
  "message": "Invalid API key"
}

Make sure to handle authentication errors appropriately in your application and provide a valid API key with each request.

Secure API Key Storage

It's important to keep your API key secure and not expose it publicly. Consider the following best practices:

  • Store your API key securely on your server or in a secure secrets management system.
  • Do not include the API key directly in your client-side code or version control system.
  • Use environment variables or configuration files to store the API key and load it dynamically in your application.
  • Rotate your API key periodically and revoke it if you suspect any unauthorized access.

By following these practices, you can ensure the security of your API key and prevent unauthorized access to your Flyflow account.

Conclusion

Authentication is a crucial aspect of interacting with the Flyflow API. By including a valid API key in the Authorization header of each request, you can authenticate your requests and access the Flyflow functionality securely. Remember to handle authentication errors appropriately and store your API key securely to maintain the integrity of your application.

Updated 6 months ago