Authentication

The gospace API uses API keys to authenticate requests. You can view and manage your API keys in the gospace AI console by navigating to Admin > Settings > API Keys.

API Key Creation and Visibility

  • One-Time Display: API keys are only visible once at the time of creation. After you generate an API key, it will not be displayed again for security reasons.

  • Secure Storage Required: Immediately store your new API key in a secure location. If you lose access to it, you will need to generate a new key.

Authentication

Authentication to the API is performed via HTTP headers using the x-api-key header. Provide your API key in the following format:

REQUEST HEADERS
headers: {
  "x-api-key": "prod_********-****-****-1a234b56"
}
  • HTTPS Required: All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

  • Authentication Required: API requests without a valid API key will fail

Rate Limits

To ensure optimal performance and fair usage, the gospace API enforces the following rate limits:

  • 200 Requests Per Second: You can make up to 200 API requests per second.

  • Burst Limit of 500: A short-term burst limit allows up to 500 requests in a single second to accommodate sudden spikes in traffic.

  • 2000 Requests Per Day: There is a daily limit of 2000 API requests.

Note: Exceeding these limits will result in your API requests being throttled or denied. It's important to implement appropriate error handling and retry logic in your application.

Best Practices to Handle Rate Limits

  • Monitor Usage: Keep track of your API usage to avoid hitting the rate limits.

  • Efficient Coding: Optimise your code to reduce unnecessary API calls.

  • Exponential Backoff: Implement retry logic with exponential backoff when you receive rate limit errors.

  • Contact Support for Higher Limits: If you anticipate higher usage, contact our support team to discuss your needs.

Security Best Practices

Your API keys hold a significant amount of power, so make sure to keep them secure!

  • Avoid Sharing Secret API Keys: Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so on.

  • Secure Storage Solutions: Use secure methods to store your API keys, such as environment variables, key management services, or encrypted configuration files.

  • Access Control: Limit access to your API keys to only those individuals who need them for development or deployment purposes.

  • Avoid Hard-Coding: Do not hard-code API keys into your application's source code, especially if the code will be stored in version control systems or shared repositories.

  • Rotate Keys Periodically: For enhanced security, rotate your API keys periodically.

Managing Your API Keys

  • Creating a New API Key:

    1. Navigate to your account dashboard.

    2. Go to Admin > Settings > API Keys.

    3. Click on Create New API Key.

    4. Copy the key when it is displayed. Remember, this is the only time you will be able to view it.

  • Regenerating an API Key: If you lose your API key, delete the lost key from the dashboard and create a new one.

  • Revoking an API Key: To revoke access, delete the API key from your account dashboard. This action cannot be undone.

Troubleshooting

  • Lost API Key: If you did not save your API key at the time of creation and have lost it, you must generate a new one.

  • Unauthorised Errors: If you encounter authentication errors, ensure that you are using a valid API key and that it has not been revoked.

  • Rate Limit Exceeded: If you receive errors related to rate limits, review your application's request patterns and adjust accordingly.

  • Contact Support: For any issues not resolved by the above steps, contact our support team for assistance.


Remember that API keys are sensitive credentials that grant access to your account's capabilities and data. Handling them with care is essential for maintaining the security and integrity of your applications.

Last updated