search

Authentication

All ATHENA API requests require authentication using an API key.

hashtag
API Key Format

Authorization: Bearer YOUR_API_KEY

Example key format: athena_live_abc123... (48+ characters)

hashtag
Getting Your API Key

  1. Enterprise Pilot: Contact [email protected]envelope

  2. Self-Service: Dashboard → Settings → API Keys → Generate New Key

circle-exclamation

Security: API keys are shown only once at creation. Store them securely in environment variables or a secrets manager.

hashtag
API Key Security

Feature
Description

Storage

bcrypt hashed (cost factor: 12)

Transmission

TLS 1.3 only

Rotation

Customer-initiated via API

Audit Trail

All usage logged

hashtag
Key Rotation

Rotate keys without downtime:

Response:

The old key remains valid for 24 hours (grace period).

hashtag
Key Revocation

Immediately revoke a compromised key:

hashtag
Best Practices

circle-check

Do:

  • Store keys in environment variables

  • Rotate keys quarterly

  • Use different keys for development/production

  • Monitor key usage in the dashboard

triangle-exclamation

Don't:

  • Hardcode keys in source code

  • Commit keys to git repositories

  • Share keys across applications

  • Log API keys (we automatically redact them)

hashtag
Environment Variables

hashtag
Node.js

hashtag
Python

hashtag
Error Responses

HTTP Status
Error Code
Description

401

authentication_failed

Missing or invalid API key

403

forbidden

Key lacks required permissions

429

rate_limit_exceeded

Too many requests

Example Error Response:

Next: Rate Limits

PreviousQuick StartNextRate Limits

Last updated