API Authentication
Airweave uses bearer token authentication to secure all API requests. You need to include your API key in the Authorization header of every request.
Obtaining Your API Key
- Log in to your Airweave dashboard
- Navigate to Settings > API Keys
- Click Create API Key
- Copy your API key and store it securely
Treat your API keys like passwords. Never share them publicly or commit them to version control. If a key is compromised, revoke it immediately and generate a new one.
Making Authenticated Requests
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer YOUR_API_KEY
Example Request
curl https://api.airweave.ai/v1/collections \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Authentication Errors
| Status Code | Description |
|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Valid API key but insufficient permissions |
429 Too Many Requests | Rate limit exceeded |
Development Mode
For development and testing environments, Airweave can be configured with AUTH_ENABLED=False to disable authentication. This is useful for local development but should never be used in production.
Best Practices
- Store securely: Use environment variables or a secrets manager
- Rotate regularly: Generate new keys periodically
- Use minimal permissions: Create separate keys for different services
- Monitor usage: Track API key usage in your dashboard
- Revoke immediately: If a key is compromised, revoke it right away