Authentication

The BReact OS API uses API keys for authentication. This guide covers the essentials of authenticating your API requests.

API Key Authentication

API keys must be included with every request to the BReact OS API.

HTTP Header Authentication

Include your API key in the x-api-key HTTP header:

Example using curl:

API Key Security Practices

To keep your API keys secure:

• Never commit API keys to version control
• Store keys as environment variables or in secure secret management systems
• Don't share your API keys in public forums or client-side code
• Create separate keys for development and production environments

Authentication Errors

When authentication fails, the API will return one of these errors:

• MISSING_API_KEY: No API key was provided in the request
• UNAUTHORIZED: The provided API key is invalid or expired

Example error response:

SDK Authentication

If you're using the BReact OS SDK, authentication is handled automatically in two ways:

Method 1: Initialize with API key directly

Method 2: Use environment variables

The SDK will automatically use these environment variables if set:

• BREACT_API_KEY: Your API key
• BREACT_TIMEOUT: Request timeout in seconds (default: 60)
• BREACT_POLL_INTERVAL: Polling interval for async operations in seconds (default: 10)
• DEFAULT_LOG_LEVEL: Log level for the SDK (default: INFO)
• DEFAULT_API_VERSION: API version for the SDK (default: v1)
• BREACT_BASE_URL: Base URL for the API (default: https://api-os.breact.ai)

Next Steps

• Return to API Reference
• Learn about Available Services