Tenzro CloudDocs

Authentication

All Tenzro Cloud API requests require authentication. This guide covers how to obtain and use API keys.

API Key Format

Tenzro API keys use the sk_ prefix followed by a unique identifier:

sk_fa1afb85bfca17a6eab6173788dacaf8fafddb43ab0c178085a9ec35faa86403

Using the API Key

Include your API key in the Authorization header with the Bearer prefix:

curl https://api.cloud.tenzro.com/cloud/ai/models \
  -H "Authorization: Bearer sk_your_api_key" \
  -H "Content-Type: application/json"

Project ID

Most endpoints require a projectId to scope the request to your project. Pass it as a query parameter or in the request body:

# As query parameter
curl "https://api.cloud.tenzro.com/cloud/vec/databases?projectId=YOUR_PROJECT_ID" \
  -H "Authorization: Bearer sk_your_api_key"


# In request body
curl https://api.cloud.tenzro.com/cloud/ai/infer \
  -H "Authorization: Bearer sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"projectId": "YOUR_PROJECT_ID", "provider": "google", "model": "gemini-2.5-flash", "prompt": "Hello!"}'

SDK Authentication

When using the SDK, pass your API key to the constructor:

client.ts
import { Tenzro } from '@tenzro/cloud';


const client = new Tenzro({
  apiKey: process.env.TENZRO_API_KEY!,
  projectId: process.env.TENZRO_PROJECT_ID, // Optional: set default project
});


// Now all calls use the default project
const response = await client.ai.chat('Hello!');

Environment Variables

Store your API key in environment variables:

.env
TENZRO_API_KEY=sk_your_api_key_here
TENZRO_PROJECT_ID=your-project-id

Creating API Keys

Create API keys in the Console under API Keys. Each key can have:

  • Name - A descriptive name for the key
  • Scopes - Which services the key can access
  • Rate Limits - Request limits per minute/day
  • Expiration - Optional expiration date

Available Scopes

ScopeAccess
ai:read, ai:writeAI inference and embeddings
agents:read, agents:writeAgent management and execution
vec:read, vec:writeVector database operations
kev:read, kev:writeKey-value store operations
data:read, data:writeSQL database operations
files:read, files:writeFile storage operations
security:read, security:writeCryptographic operations

Security Best Practices

  • Never expose API keys in client-side code
  • Use environment variables for key storage
  • Rotate keys periodically
  • Use separate keys for development and production
  • Enable only the scopes each key needs
  • Set rate limits appropriate to your use case

Error Responses

Authentication errors return the following status codes:

StatusMeaning
401Missing or invalid API key
403Key doesn't have the required scope
429Rate limit exceeded