API Authentication
The GeniSpace API uses a hybrid Bearer authentication scheme. It accepts both JWT access tokens and API keys. All API requests must include valid authentication information in the request headers.
Obtaining an API Key
Space-scoped API keys are managed in the Console:
- Open the Console and navigate to Settings → Integrations
- In the API key area, click "Create API Key"
- Store the generated key securely — the key is only displayed once at creation time
API keys are 40-character alphanumeric tokens (no sk- prefix), for example 8OnG3iLUYdNq8PoO1JVW77aXbgHKBiOxIIufky7t.
Usage
Add the Authorization field to the HTTP headers of each API request:
Authorization: Bearer YOUR_API_KEY
The Bearer scheme is recommended. The API also accepts the ApiKey, API-Key, and Token prefixes for API keys:
Authorization: ApiKey YOUR_API_KEY
Authorization: API-Key YOUR_API_KEY
Authorization: Token YOUR_API_KEY
Request Example
curl -X GET https://api.genispace.ai/api/agents \
-H "Authorization: Bearer 8OnG3iLUYdNq8PoO1JVW77aXbgHKBiOxIIufky7t" \
-H "Content-Type: application/json"
Validating an API Key
To check whether a key is valid, call the validation endpoint (no authentication required):
curl -X POST https://api.genispace.ai/api/api-keys/validate \
-H "Content-Type: application/json" \
-d '{ "apiKey": "8OnG3iLUYdNq8PoO1JVW77aXbgHKBiOxIIufky7t" }'
The response uses the standard envelope, with the result under data:
{
"success": true,
"message": "Operation successful",
"data": {
"valid": true
}
}
An equivalent endpoint is available at POST /api/validate/api-key.
Security Recommendations
- Do not hardcode API keys in client-side code
- Use environment variables to store keys
- Rotate keys regularly
- If a key is compromised, immediately revoke it (
POST /api/api-keys/{id}/revoke) and create a new one
Permission Scope
The permission scope of an API key depends on the creator's space role and subscription plan. The key can access resources belonging to its bound space.
Related Documentation
- API Overview — API fundamentals
- API Endpoints — Available endpoint list
- Error Handling — Error code reference