Authentication

Overview

All requests to the Invictus AI API require authentication. This guide explains how to obtain API keys and use them in your applications.

Obtaining an API Key

  1. Sign up for an account: Visit dashboard.invictusai.com and create an account.

  2. Create an API key:

    • Navigate to the API Keys section in your dashboard

    • Click Create New API Key

    • Give your API key a name (e.g., "Development", "Production")

    • Choose the appropriate access level for your needs

    • Click Create

  3. Save your API key: Copy and store your API key in a secure location. For security reasons, we only show the full key once.

Types of API Keys

Invictus AI offers two types of API keys:

  1. Development Keys:

    • Intended for testing and development

    • Lower rate limits

    • No billing charges

    • Cannot be used in production environments

  2. Production Keys:

    • For live applications

    • Higher rate limits

    • Subject to normal billing

    • Full access to all features

Using Your API Key

REST API

Include your API key in the Authorization header of your HTTP requests:

curl -X POST https://api.invictusai.com/v1/nlp/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Sample text for analysis"}'

JavaScript SDK

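const InvictusAI = require('invictus-ai');
const client = new InvictusAI.Client('YOUR_API_KEY');

// Now you can use the client to make API calls.
// In a CommonJS module, await is only valid inside an async function.
async function main() {
  const result = await client.nlp.analyze({
    text: 'Sample text for analysis'
  });
  return result;
}

main().catch(console.error);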

Python SDK

from invictus_ai import Client
client = Client('YOUR_API_KEY')

# Now you can use the client to make API calls
result = client.nlp.analyze(
  text='Sample text for analysis'
)

Environment-based Configuration

As a security best practice, we recommend storing your API keys as environment variables:

JavaScript (Node.js)

// Using dotenv to load environment variables
require('dotenv').config();
const InvictusAI = require('invictus-ai');
const client = new InvictusAI.Client(process.env.INVICTUS_API_KEY);

Example .env file (keep it out of version control, for example by listing it in .gitignore):

INVICTUS_API_KEY=your_api_key_here

Python

import os
from invictus_ai import Client
# os.environ[...] raises KeyError if the variable is unset, instead of passing None to the client
client = Client(os.environ['INVICTUS_API_KEY'])

API Key Security Best Practices

  1. Never hardcode API keys in your source code

  2. Don't commit API keys to version control systems

  3. Use environment variables to store API keys

  4. Implement proper access controls to limit who can use your API keys

  5. Rotate API keys periodically for enhanced security

  6. Use development keys for testing and development

  7. Restrict API key permissions to only what's necessary

Key Rotation

For security reasons, we recommend rotating your API keys regularly:

  1. Create a new API key in your dashboard

  2. Update your applications to use the new key

  3. Verify that everything is working correctly

  4. Delete the old API key

Revoking API Keys

If an API key is compromised:

  1. Go to your dashboard at dashboard.invictusai.com

  2. Navigate to the API Keys section

  3. Find the compromised key and click Revoke

  4. Create a new key and update your applications

Webhooks Authentication

For webhook endpoints, we recommend implementing signature verification:

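const crypto = require('crypto');
const express = require('express'); // an Express app is assumed here

const app = express();
app.use(express.json()); // parses the JSON body into req.body

app.post('/webhook', (req, res) => {
  const signature = req.headers['x-invictus-signature'];
  // Note: this re-serializes the parsed body. If that does not reproduce the
  // bytes that were sent, compute the HMAC over the raw request body instead.
  const payload = JSON.stringify(req.body);
  const expectedSignature = crypto
    .createHmac('sha256', process.env.WEBHOOK_SECRET)
    .update(payload)
    .digest('hex');

  // timingSafeEqual throws on a missing header or a length mismatch,
  // so normalize the input and compare lengths first
  const received = Buffer.from(typeof signature === 'string' ? signature : '');
  const expected = Buffer.from(expectedSignature);

  if (received.length === expected.length &&
      crypto.timingSafeEqual(received, expected)) {
    // Signature verified, process the webhook
    // ...
    res.status(200).send('Webhook received');
  } else {
    // Missing or invalid signature
    res.status(401).send('Invalid signature');
  }
});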
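
An added example, not part of the original page or Invictus AI's own code: a standalone verifier that rejects a missing, truncated or non-hex signature without throwing, and shows why the HMAC has to be computed over the raw request bytes rather than a re-serialized body. It assumes the header carries the hex HMAC-SHA256 of the body as sent; `verifySignature`, the secret, the event name and the payloads are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical helper: true only when `header` is the hex HMAC-SHA256 of
// `rawBody` under `secret`. Never throws on malformed input.
function verifySignature(rawBody, header, secret) {
  if (typeof header !== 'string' || !/^[0-9a-f]{64}$/i.test(header)) {
    return false; // missing, repeated (array), wrong length or non-hex header
  }
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(header, 'hex');
  // Both buffers are exactly 32 bytes here, so timingSafeEqual cannot throw
  return crypto.timingSafeEqual(received, expected);
}

// Constructed sample data (not real Invictus AI values)
const SECRET = 'constructed-test-secret';
const RAW_BODY = Buffer.from('{"event": "analysis.done",  "id": 7}'); // bytes as sent
const GOOD_SIG = crypto.createHmac('sha256', SECRET).update(RAW_BODY).digest('hex');

// What a handler hashes if it re-serializes the parsed body: the whitespace
// differs from the sent bytes, so the HMAC no longer matches
const RESERIALIZED = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString())));
const TAMPERED = Buffer.from('{"event": "analysis.done",  "id": 8}');

function demo() {
  return {
    valid: verifySignature(RAW_BODY, GOOD_SIG, SECRET),
    reserialized: verifySignature(RESERIALIZED, GOOD_SIG, SECRET),
    tamperedBody: verifySignature(TAMPERED, GOOD_SIG, SECRET),
    missingHeader: verifySignature(RAW_BODY, undefined, SECRET),
    truncatedHeader: verifySignature(RAW_BODY, GOOD_SIG.slice(0, 10), SECRET),
    wrongSecret: verifySignature(RAW_BODY, GOOD_SIG, 'other-secret'),
  };
}

console.log(demo());
```

In an Express app, the raw bytes can be captured with the `verify` option of `express.json()` and passed to the helper in place of the re-serialized body.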

Next Steps

  • Learn how to make your first API call

  • Explore the API Reference

  • Check out our Rate Limits documentation