Authentication
All Tenzro Cloud API requests require authentication. This guide covers how to obtain and use API keys.
API Key Format
Tenzro API keys consist of two parts separated by a colon: a key ID prefix and a secret.
dev_847afd119f5f9e79718edd3f33e18670:DD8Z45NbO2w6taKqP4CarPj_aG9TrYlPOOa2Hs0EqRc└─────────────── key_id ───────────────┘:└──────────── secret ────────────────┘
Using the API Key
Include your API key in the Authorization header with the Bearer prefix:
curl https://api.cloud.tenzro.com/cloud/ai/models \-H "Authorization: Bearer YOUR_API_KEY" \-H "Content-Type: application/json"
Project ID
Most endpoints also require a projectId to scope the request to your project. Pass it as a query parameter:
curl "https://api.cloud.tenzro.com/cloud/vec/databases?projectId=YOUR_PROJECT_ID" \-H "Authorization: Bearer YOUR_API_KEY"
SDK Authentication
When using the SDK, pass your API key to the constructor:
client.ts
import { Tenzro } from 'tenzro';const tenzro = new Tenzro({apiKey: process.env.TENZRO_API_KEY!,// Optional: override the base URLbaseURL: 'https://api.cloud.tenzro.com',});
Environment Variables
We recommend storing your API key in environment variables:
.env
TENZRO_API_KEY=dev_xxx:yyyTENZRO_PROJECT_ID=your-project-id
Creating API Keys
You can create API keys in the Console. Each key can have:
- Name - A descriptive name for the key
- Enabled Services - Which services the key can access (DATA, AI, SECURITY, etc.)
- Rate Limits - Per-service request limits
- Expiration - Optional expiration date
- Cost Cap - Maximum spend limit
Security Best Practices
- Never expose API keys in client-side code
- Use environment variables for key storage
- Rotate keys periodically
- Use separate keys for development and production
- Enable only the services each key needs
Error Responses
Authentication errors return the following status codes:
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 403 | Key doesn't have access to requested resource |
| 429 | Rate limit exceeded |