API Authentication

Hosted usage should be authenticated with API keys and server-side scope enforcement.

For testing, the engine and SDKs default to a shared key: XXX1111AAA.

Key expectations

  • Keys identify the calling application or workspace.
  • Tenant or project scope is enforced server-side.
  • Audit logs attach request IDs and actor context.
  • Rate limits are applied per tenant or per key.

Example

curl http://143.110.246.15:3000/query/semantic \
  -H "x-api-key: XXX1111AAA" \
  -H "content-type: application/json" \
  -d '{"textual_query":"what changed?","entity_id":"user-123","limit":5}'
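
Added example, not code from this repo: a server-side check for the x-api-key header that applies the key expectations above to the entity_id sent in the curl call. The key store, the entity-to-tenant table, the limit of 3 requests per minute and the name authorizeHosted are assumptions, as is the choice to refuse the shared testing key on a hosted deployment.

```javascript
// Added example: hypothetical server-side check, not the engine's own code.
const crypto = require("node:crypto");

const SHARED_TEST_KEY = "XXX1111AAA"; // testing default named on this page
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Constructed key store: only hashes are kept, each key bound to one tenant.
const keyStore = new Map([
  [sha256("constructed-key-a"), { keyId: "key_a", tenant: "tenant-a", revoked: false }],
  [sha256("constructed-key-r"), { keyId: "key_r", tenant: "tenant-a", revoked: true }],
]);
// Constructed ownership table: the tenant each entity_id belongs to.
const entityTenant = new Map([["user-123", "tenant-a"], ["user-999", "tenant-b"]]);

const RATE_LIMIT = 3;      // assumed: requests allowed per key per window
const WINDOW_MS = 60_000;  // assumed: one-minute fixed window
const windows = new Map(); // keyId -> { start, count }
const auditLog = [];       // every decision is recorded with its request ID

function authorizeHosted(headers, body, now = Date.now()) {
  const requestId = crypto.randomUUID();
  const finish = (status, reason, rec) => {
    auditLog.push({ requestId, status, reason, keyId: rec?.keyId ?? null,
      tenant: rec?.tenant ?? null, entityId: body?.entity_id ?? null });
    return { status, reason, requestId };
  };
  const key = headers["x-api-key"];
  if (typeof key !== "string" || key === "") return finish(401, "missing_key");
  // Assumption: a hosted deployment refuses the shared testing key outright.
  if (key === SHARED_TEST_KEY) return finish(401, "shared_test_key");
  const rec = keyStore.get(sha256(key));
  if (!rec || rec.revoked) return finish(401, "unknown_or_revoked_key");

  // Rate limit per key, counted before any work is done for the request.
  const w = windows.get(rec.keyId);
  if (!w || now - w.start >= WINDOW_MS) windows.set(rec.keyId, { start: now, count: 1 });
  else if (++w.count > RATE_LIMIT) return finish(429, "rate_limited", rec);

  // Scope comes from the key record, never from a client-supplied tenant field.
  if (entityTenant.get(body?.entity_id) !== rec.tenant) return finish(403, "out_of_scope", rec);
  return finish(200, "ok", rec);
}
```

An entity_id that is missing or not in the ownership table is treated as out of scope, so the check fails closed.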

Platform workflow

The platform UI in this repo includes a demo flow for:

  • logging in
  • creating a key
  • viewing the full token
  • revoking a key

Swap the cookie-backed demo store for your production database when you wire in real auth.