Authentication

All ATHENA API requests require authentication using an API key.

API Key Format

Authorization: Bearer YOUR_API_KEY

Example key format: athena_live_abc123... (48+ characters)

Getting Your API Key

  1. Enterprise Pilot: Contact [email protected]

  2. Self-Service: Dashboard → Settings → API Keys → Generate New Key

Security: API keys are shown only once at creation. Store them securely in environment variables or a secrets manager.

API Key Security

Feature
Description

Storage

bcrypt hashed (cost factor: 12)

Transmission

TLS 1.3 only

Rotation

Customer-initiated via API

Audit Trail

All usage logged

Key Rotation

Rotate keys without downtime:

Response:

The old key remains valid for 24 hours (grace period).

Key Revocation

Immediately revoke a compromised key:

Best Practices

Do:

  • Store keys in environment variables

  • Rotate keys quarterly

  • Use different keys for development/production

  • Monitor key usage in the dashboard

Don't:

  • Hardcode keys in source code

  • Commit keys to git repositories

  • Share keys across applications

  • Log API keys (we automatically redact them)

Environment Variables

Node.js

Python

Error Responses

HTTP Status
Error Code
Description

401

authentication_failed

Missing or invalid API key

403

forbidden

Key lacks required permissions

429

rate_limit_exceeded

Too many requests

Example Error Response:

Next: Rate Limits

PreviousQuick StartNextRate Limits

Last updated