API Authentication
Overview
The Solatis API supports multiple authentication methods:
- API Keys: Simple key-based authentication for server-to-server
- OAuth 2.0: Secure token-based authentication for applications
- Bearer Tokens: JWT tokens for temporary access
API Keys
Generate API Key
- Go to Settings → API Keys
- Click Generate New Key
- Enter a descriptive name
- Click Generate
- Copy your key (you won't see it again!)
Use API Key
Include your API key in the Authorization header:
bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.solatis.team/v1/documentsOr in Python:
python
import requests
headers = {
"Authorization": "Bearer YOUR_API_KEY"
}
response = requests.get(
"https://api.solatis.team/v1/documents",
headers=headers
)API Key Security
Do's:
- ✅ Store in environment variables
- ✅ Use a secrets manager
- ✅ Rotate keys regularly
- ✅ Use scoped keys for specific tasks
- ✅ Monitor key usage in API dashboard
Don'ts:
- ❌ Hardcode in source code
- ❌ Commit to version control
- ❌ Share with others
- ❌ Use in frontend applications
- ❌ Share in emails or chat
Key Scopes
Limit API key permissions using scopes:
| Scope | Permissions |
|---|---|
documents:read | Read documents |
documents:write | Create/update documents |
documents:delete | Delete documents |
agents:read | Read agents |
agents:write | Create/update agents |
agents:execute | Run agents |
api:read | Read API stats |
Rotate API Keys
Regularly rotate keys for security:
- Go to Settings → API Keys
- Generate new key (keep old key)
- Update applications with new key
- Verify new key works
- Delete old key
Old key remains valid for 24 hours after deletion.
OAuth 2.0
Authorization Code Flow
For applications needing user-delegated access:
1. User clicks "Connect with Solatis"
↓
2. Redirect to Solatis authorization page
↓
3. User approves scopes
↓
4. Redirect back to your app with authorization code
↓
5. Exchange code for access token (backend)
↓
6. Use access token to make API requestsImplement OAuth 2.0
Step 1: Register your application
- Go to Settings → OAuth Apps
- Click Register New App
- Enter app name and redirect URI
- Copy Client ID and Client Secret
- Save securely
Step 2: Redirect user to authorization
javascript
const clientId = "YOUR_CLIENT_ID";
const redirectUri = "https://yourapp.com/callback";
const scopes = "documents:read agents:read";
const authUrl = `https://auth.solatis.team/oauth/authorize?` +
`client_id=${clientId}` +
`&redirect_uri=${redirectUri}` +
`&scope=${scopes}` +
`&response_type=code`;
// Redirect user
window.location.href = authUrl;Step 3: Handle callback and get token
javascript
// In your callback endpoint
const code = req.query.code;
const response = await fetch("https://api.solatis.team/oauth/token", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
grant_type: "authorization_code",
code: code,
client_id: "YOUR_CLIENT_ID",
client_secret: "YOUR_CLIENT_SECRET",
redirect_uri: "https://yourapp.com/callback"
})
});
const data = await response.json();
const accessToken = data.access_token;
const refreshToken = data.refresh_token;Step 4: Use access token
bash
curl -H "Authorization: Bearer ACCESS_TOKEN" \
https://api.solatis.team/v1/documentsRefresh Tokens
Access tokens expire in 1 hour. Refresh to get new token:
bash
curl -X POST https://api.solatis.team/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "refresh_token",
"refresh_token": "YOUR_REFRESH_TOKEN",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}'OAuth Scopes
| Scope | Description |
|---|---|
documents:read | Read documents and results |
documents:write | Upload and analyze documents |
meetings:read | Read meeting transcripts |
meetings:write | Upload and transcribe meetings |
agents:read | View agents |
agents:write | Create and modify agents |
agents:execute | Run agents |
profile:read | Access user profile |
JWT Bearer Tokens
Generate JWT Token
For CLI or automation tools:
- Go to Settings → Developer Tokens
- Click Generate Token
- Choose expiration (1 hour to 1 year)
- Copy token
Use JWT Token
bash
curl -H "Authorization: Bearer JWT_TOKEN" \
https://api.solatis.team/v1/documentsJWT Claims
json
{
"sub": "user123",
"aud": "https://api.solatis.team",
"iat": 1234567890,
"exp": 1234571490,
"scopes": ["documents:read", "agents:read"]
}Multi-Factor Authentication
If your account has MFA enabled, you may need to:
- For OAuth: MFA prompt in authorization flow
- For API Keys: MFA doesn't affect key authentication
- For CLI: Use device authentication flow
bash
# CLI with MFA
solatis auth login
# Follow prompts for MFA
# Generate temporary token
export SOLATIS_TOKEN=temp_token_from_mfaRate Limiting with Authentication
Rate limits vary by authentication method:
| Auth Method | Limit | Window |
|---|---|---|
| API Key (Free) | 100 | 1 hour |
| API Key (Pro) | 1,000 | 1 hour |
| OAuth (Free) | 500 | 1 hour |
| OAuth (Pro) | 5,000 | 1 hour |
When rate limited, you'll receive:
- Status: 429 Too Many Requests
- Header:
Retry-After: 120(wait time in seconds)
Error Handling
401 Unauthorized
json
{
"error": "unauthorized",
"message": "Invalid or expired credentials",
"code": 401
}Solutions:
- Verify API key is correct
- Check if key was deleted or rotated
- Regenerate key if compromised
- For OAuth: refresh access token
403 Forbidden
json
{
"error": "forbidden",
"message": "Insufficient permissions",
"code": 403
}Solutions:
- Check API key scopes
- Verify OAuth scopes
- Ensure user has organization access
401 vs 403
| Code | Meaning | Action |
|---|---|---|
| 401 | Invalid credentials | Authenticate again |
| 403 | Valid credentials, no permission | Request access |
Best Practices
Security
Store credentials securely
- Use environment variables
- Use secrets manager (Vault, AWS Secrets Manager)
- Never hardcode
Rotate regularly
- Rotate every 90 days
- Immediately if compromised
- Keep old key for 24 hours
Use scoped keys
- Limit permissions
- Create per-environment keys
- Separate read/write keys
Usage
Use the right auth method
- API Keys: Backend services
- OAuth: User-delegated access
- JWT: CLI and automation
Handle errors properly
- Implement retry logic
- Respect rate limits
- Log authentication failures
Monitor key usage
- Review API dashboard
- Set up alerts
- Track unusual activity
Migration Guide
From API Key to OAuth
If migrating from API keys to OAuth:
- Set up OAuth app in settings
- Update code to use OAuth flow
- Store refresh tokens securely
- Test in staging first
- Deploy new version
- Monitor for errors
- Deactivate old API key
From One Key Type to Another
- Generate new key/credentials
- Update application configuration
- Deploy updated version
- Verify new credentials work
- Delete old credentials
Troubleshooting
"Invalid API Key"
- Verify key in settings hasn't been deleted
- Check for typos
- Ensure space/no extra characters
- Regenerate key if unsure
"Token Expired"
- For OAuth: use refresh token
- For JWT: generate new token
- Check system clock synchronization
"Rate Limit Exceeded"
- Wait until
Retry-Aftertime - Implement exponential backoff
- Request higher limit for production
Examples
Python
python
import requests
import os
# Using API Key
api_key = os.environ.get("SOLATIS_API_KEY")
headers = {"Authorization": f"Bearer {api_key}"}
response = requests.get(
"https://api.solatis.team/v1/documents",
headers=headers
)JavaScript/Node.js
javascript
const fetch = require('node-fetch');
const apiKey = process.env.SOLATIS_API_KEY;
const response = await fetch(
'https://api.solatis.team/v1/documents',
{
headers: {
'Authorization': `Bearer ${apiKey}`
}
}
);
const data = await response.json();Go
go
package main
import (
"net/http"
"os"
)
func main() {
apiKey := os.Getenv("SOLATIS_API_KEY")
req, _ := http.NewRequest("GET",
"https://api.solatis.team/v1/documents", nil)
req.Header.Set("Authorization", "Bearer " + apiKey)
client := &http.Client{}
resp, _ := client.Do(req)
// Handle response
}Support
Need help with authentication?
- Email: api-support@solatis.team
- Docs: https://docs.solatis.team/api
- Status: https://status.solatis.team