Overview The AMAS API uses API keys to authenticate requests. All API requests must include your API key in the x-api-key header.
Keep your API keys secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, or in your application’s source code.
API Key Authentication Include your API key in the x-api-key header with every request:
API keys are generated in the settings of the Atthene Agent Studio with an expiration date and can be invalidated when needed.
Usage Examples curl -X POST https://api-be.atthene.com/api/v1/agent/validate/ \ -H "x-api-key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "My Agent", "agent_type": "llm_agent", "system_prompt": "You are a helpful assistant.", "llm_config": {"model": "gpt-4o"} }'
API Key Management Contact your administrator or use the dashboard to manage your API keys.
API keys are generated with an expiration date. Make sure to rotate your keys before they expire to avoid service interruptions.
Best Practices
Environment Variables Store API keys and tokens as environment variables rather than hardcoding them in your application.
Key Rotation Regularly rotate your API keys, especially after team member departures or suspected compromise.
Expiration Monitoring Monitor API key expiration dates and rotate keys before they expire to avoid service interruptions.
Secure Storage Never commit API keys to version control. Use secret management tools in production.
Authentication Errors 401 Unauthorized Invalid or expired authentication credentials:
{ "error" : { "type" : "authentication_error" , "message" : "Invalid or missing authentication credentials" } } 403 Forbidden Insufficient permissions to access the resource:
{ "error" : { "type" : "permission_error" , "message" : "You do not have permission to access this resource" } } Expired API Key { "error" : { "type" : "authentication_error" , "message" : "API key has expired" } } 
