Secure your API access

Authentication

Secure your API access using channel API keys.

API Keys

Each channel has its own unique API key. Keys use the
text
amgai_
prefix followed by a UUID, making them easy to identify in logs and environment configs.
text
amgai_550e8400-e29b-41d4-a716-446655440000

Key Security

Channel API keys are AES-256 encrypted at rest in the database. The raw key value is never stored in plaintext — only an encrypted form and a SHA-256 hash (used for fast lookup) are persisted. Your key is never exposed in API responses.

Using Your API Key

Include your API key in the
text
X-API-Key
header on every request:
http
X-API-Key: amgai_550e8400-e29b-41d4-a716-446655440000

Finding Your API Key

  1. Go to Channels in your dashboard
  2. Open the channel
  3. Copy the API Key from the channel overview card

Security Best Practices

Do

  • Store API keys in environment variables (
    text
    .env
    )
  • Use a backend proxy for client-side calls — never expose your key in browser JavaScript
  • Rotate keys periodically or immediately if you suspect a leak

Do Not

  • Commit API keys to version control
  • Include keys in client-side JavaScript for public-facing sites
  • Share keys across multiple environments

Key Rotation

To rotate your API key:
  1. Go to Channels in your dashboard
  2. Open the channel
  3. Click Regenerate API Key
  4. Update your integration with the new key
  5. Test that requests succeed with the new key
⚠️ Warning: Regenerating a key invalidates the old key immediately. Update all consuming applications before regenerating to avoid downtime.
PreviousHistory EndpointNextAvailable Models