Skip to main content

Authentication

Subworkflow.AI API endpoints all require authentication using API keys.
Since all API Keys are scoped to individual workspaces, it is more correct to call them "workspace API keys" but we'll use terms use interchangebly throughout the documentations.

Using Workspace API Keys

Once you've obtained your API keys, there are two methods you can use as part of your request:

  • Custom Header Auth (recommended): use the custom header x-api-key with the API key as the value.
  • Query Auth: use the query parameter api-key with the API key as the value.

We do not recommend using the query auth method but include it as in some scenarios, it may not be possible to set request headers manually. Typically, query parameters are not redacted which risks exposing the key publicly in request logs so if you decide to use please be aware and rotate your keys often.

# custom header auth
CURL https://api.subworkflow.ai/v1/datasets --header "x-api-key: <YOUR_API_KEY>"

# query auth
CURL https://api.subworkflow.ai/v1/datasets?api-key=<YOUR_API_KEY>

Creating a Workspace API Key

You can create a workspace API key from your workspace > settings > keys page, granted you have sufficient permissions to do so. If not, contact the owner of the workspace or the organisation's owner/admin members.

When creating an API Key, you can optionally set an expiry date which will automatically disable the key.

In the workspace settings key page, any API keys belonging to you will continue to be visible but API keys belonging to other team members will be masked.

The number of API keys you can create will depend on your subscription plan. When you reach or exceed your plan's limit, you won't be able to create anymore API keys until you either (1) delete existing API keys or (2) upgrade to a higher subscription plan.

Deleting a Workspace API Key

You can delete an API key manually from the workspace > settings > keys page. If your API key has an expiry date, please note the key will only be disabled which will have technically the same effect as a deleted key.

When you delete a key, requests using the key will be immediately denied so ensure any critical systems migrate their keys before deleting.

Deleted keys are not recoverable.