Authentication

Overview

All requests to the Invictus AI API require authentication. This guide explains how to obtain API keys and use them in your applications.

Obtaining an API Key

Sign up for an account: Visit dashboard.invictusai.com and create an account.
Create an API key:
- Navigate to the API Keys section in your dashboard
- Click Create New API Key
- Give your API key a name (e.g., "Development", "Production")
- Choose the appropriate access level for your needs
- Click Create
Save your API key: Copy and store your API key in a secure location. For security reasons, we only show the full key once.

Types of API Keys

Invictus AI offers two types of API keys:

Development Keys:
- Intended for testing and development
- Limited rate limits
- No billing charges
- Cannot be used in production environments
Production Keys:
- For live applications
- Higher rate limits
- Subject to normal billing
- Full access to all features

Using Your API Key

REST API

Include your API key in the Authorization header of your HTTP requests:

curl -X POST https://api.invictusai.com/v1/nlp/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Sample text for analysis"}'

JavaScript SDK

const InvictusAI = require('invictus-ai');
const client = new InvictusAI.Client('YOUR_API_KEY');

// Now you can use the client to make API calls
const result = await client.nlp.analyze({
  text: 'Sample text for analysis'
});

Python SDK

from invictus_ai import Client
client = Client('YOUR_API_KEY')

# Now you can use the client to make API calls
result = client.nlp.analyze(
  text='Sample text for analysis'
)

Environment-based Configuration

For security best practices, we recommend storing your API keys as environment variables:

JavaScript (Node.js)

// Using dotenv to load environment variables
require('dotenv').config();
const InvictusAI = require('invictus-ai');
const client = new InvictusAI.Client(process.env.INVICTUS_API_KEY);

Example .env file:

INVICTUS_API_KEY=your_api_key_here

Python

import os
from invictus_ai import Client
client = Client(os.environ.get('INVICTUS_API_KEY'))

API Key Security Best Practices

Never hardcode API keys in your source code
Don't commit API keys to version control systems
Use environment variables to store API keys
Implement proper access controls to limit who can use your API keys
Rotate API keys periodically for enhanced security
Use development keys for testing and development
Restrict API key permissions to only what's necessary

Key Rotation

For security reasons, we recommend rotating your API keys regularly:

Create a new API key in your dashboard
Update your applications to use the new key
Verify that everything is working correctly
Delete the old API key

Revoking API Keys

If an API key is compromised:

Go to your dashboard at dashboard.invictusai.com
Navigate to the API Keys section
Find the compromised key and click Revoke
Create a new key and update your applications

Webhooks Authentication

For webhook endpoints, we recommend implementing signature verification:

const crypto = require('crypto');

app.post('/webhook', (req, res) => {
  const signature = req.headers['x-invictus-signature'];
  const payload = JSON.stringify(req.body);
  const expectedSignature = crypto
    .createHmac('sha256', process.env.WEBHOOK_SECRET)
    .update(payload)
    .digest('hex');
    
  if (crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  )) {
    // Signature verified, process the webhook
    // ...
    res.status(200).send('Webhook received');
  } else {
    // Invalid signature
    res.status(401).send('Invalid signature');
  }
});

Next Steps

Learn how to make your first API call
Explore the API Reference
Check out our Rate Limits documentation

PreviousNext Step NextComputer Vision