Authentication

Learn how to authenticate with the Assisters API using API keys

TL;DR

Use Bearer token auth: Authorization: Bearer ask_your_key. Get keys from assisters.dev/dashboard/api-keys. Keys start with the ask_ prefix. Never expose them in client-side code. Keys support domain restrictions for added security.

All Assisters API requests require authentication using an API key. This guide covers how to create, use, and manage your API keys securely.

API Keys

API keys are the primary method for authenticating with Assisters API. Each key:

  • Starts with the prefix ask_
  • Is tied to your account for billing
  • Can be restricted to specific domains (optional)
  • Can be revoked at any time

Creating an API Key

  1. Click the Create New Key button in the top right
  2. Give your key a descriptive name (e.g., "Production Server", "Development")
  3. Add allowed domains if you want to restrict where the key can be used
  4. Copy the full API key immediately - it won't be shown again!

Your API key is only displayed once when created. Store it securely - you cannot retrieve it later.

Using Your API Key

Include your API key in the Authorization header with the Bearer prefix:

Python:

from openai import OpenAI

client = OpenAI(
    api_key="ask_your_api_key_here",
    base_url="https://api.assisters.dev/v1"
)

JavaScript:

import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: 'ask_your_api_key_here',
  baseURL: 'https://api.assisters.dev/v1'
});

cURL:

curl https://api.assisters.dev/v1/chat/completions \
  -H "Authorization: Bearer ask_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"model": "assisters-chat-v1", "messages": [...]}'

API Key Limits

Each account can have up to 10 active API keys. The first key created is automatically marked as the primary key.

Feature               Limit
Keys per account      10
Key prefix            ask_
Domain restrictions   Unlimited
Revocation            Instant

Domain Restrictions

You can restrict API keys to specific domains for additional security. This is useful for client-side applications where the key might be exposed.

{
  "allowed_domains": [
    "example.com",
    "app.example.com",
    "*.example.com"
  ]
}

Domain restrictions are optional. If no domains are specified, the key works from any origin.

Security Best Practices

Use Environment Variables

Never hardcode API keys in your source code. Use environment variables instead.

Rotate Keys Regularly

Create new keys and revoke old ones periodically to limit exposure.

Use Separate Keys

Use different keys for development, staging, and production environments.

Monitor Usage

Check your dashboard regularly for unexpected usage patterns.

Environment Variables

Store your API key in environment variables:

macOS/Linux shell:

export ASSISTERS_API_KEY="ask_your_api_key_here"

Windows PowerShell:

$env:ASSISTERS_API_KEY="ask_your_api_key_here"

.env file:

ASSISTERS_API_KEY=ask_your_api_key_here

Then access it in your code:

Python:

import os
from openai import OpenAI

# Raises KeyError at startup if the variable is not set
client = OpenAI(
    api_key=os.environ["ASSISTERS_API_KEY"],
    base_url="https://api.assisters.dev/v1"
)

JavaScript:

import OpenAI from 'openai';

const client = new OpenAI({
  apiKey: process.env.ASSISTERS_API_KEY,
  baseURL: 'https://api.assisters.dev/v1'
});

Git Ignore

Always add your .env file to .gitignore:

# .gitignore
.env
.env.local
.env.*.local

Managing API Keys

View All Keys

In your dashboard, you can see all your API keys with:

  • Name and creation date
  • Key prefix (first 12 characters)
  • Primary key status
  • Domain restrictions
  • Last used timestamp

Revoke a Key

To revoke a key:

  1. Go to your API Keys dashboard
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the revocation

Revoking a key is immediate and permanent. Any applications using that key will stop working instantly.

Set Primary Key

The primary key is used for embed widgets. To change your primary key:

  1. Go to your API Keys dashboard
  2. Find the key you want to make primary
  3. Click Set as Primary

Rate Limits

Your API key has a default rate limit of 60 requests per minute. See the rate limits guide for handling 429 errors.

Error Responses

401 Unauthorized

{
  "error": {
    "message": "Invalid API key provided",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}

Causes:

  • API key is missing or malformed
  • API key has been revoked
  • API key doesn't start with ask_

403 Forbidden

{
  "error": {
    "message": "Request origin not allowed for this API key",
    "type": "invalid_request_error",
    "code": "origin_not_allowed"
  }
}

Causes:

  • Request came from a domain not in the allowed list
  • Domain restrictions are blocking the request
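
The sketch below ties the environment-variable advice to the two error responses above: it loads the key, checks the ask_ prefix before any request is sent, produces a log-safe masked form, and maps a 401/403 body to an operator hint. It is an added example, not Assisters code; the function names, hint texts and sample values are assumptions constructed for illustration.

```python
import json
import os

KEY_PREFIX = "ask_"              # key prefix documented on this page
ENV_VAR = "ASSISTERS_API_KEY"    # variable name used on this page

# Hypothetical operator hints, keyed by (HTTP status, error code shown above).
REMEDIATION = {
    (401, "invalid_api_key"): "Key missing, malformed or revoked: check the env var or create a new key.",
    (403, "origin_not_allowed"): "Request origin is not in the key's allowed domains: review the key's domain list.",
}

# Constructed samples (not a real key, not a captured response).
SAMPLE_KEY = "ask_" + "x" * 32
SAMPLE_403 = json.dumps({"error": {
    "message": "Request origin not allowed for this API key",
    "type": "invalid_request_error", "code": "origin_not_allowed"}})


def load_api_key(env=os.environ):
    """Read the key from the environment; fail fast without echoing its value."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    if not key.startswith(KEY_PREFIX):
        raise RuntimeError(f"{ENV_VAR} does not start with {KEY_PREFIX!r}")
    return key


def mask_key(key, visible=12):
    """Log-safe form: only the first 12 characters, as the dashboard displays."""
    if len(key) <= visible:
        return KEY_PREFIX + "..."
    return key[:visible] + "..."


def explain_auth_error(status, body):
    """Map a 401/403 response body (format from this page) to an operator hint."""
    try:
        code = json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = None  # body was not the documented JSON error shape
    return REMEDIATION.get((status, code), f"Unhandled auth error: HTTP {status}, code={code}")


if __name__ == "__main__":
    key = load_api_key({ENV_VAR: SAMPLE_KEY})
    print("using key", mask_key(key))
    print(explain_auth_error(403, SAMPLE_403))
```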
