Authentication
API authentication methods and security best practices
Authentication
Learn how to authenticate with the One-ADN API using API keys, tokens, and other methods.
API Keys#
API keys are the primary authentication method for One-ADN API requests.
Generating API Keys#
- Log in to your One-ADN Dashboard
- Navigate to Settings > API Keys
- Click Create New Key
- Set permissions and expiration
- Copy and securely store your key
Using API Keys#
Include your API key in the Authorization header:
curl -H "Authorization: Bearer sk_live_xxxxxxxxxxxx" \
https://api.one-adn.io/v1/chat/completions
Or use the X-API-Key header:
curl -H "X-API-Key: sk_live_xxxxxxxxxxxx" \
https://api.one-adn.io/v1/chat/completions
Key Types#
| Prefix | Type | Description |
|--------|------|-------------|
| sk_live_ | Production | Full access to production API |
| sk_test_ | Testing | Limited to test environment |
| sk_dev_ | Development | Local development only |
Token-Based Authentication#
For more granular control, use JWT tokens.
Obtaining a Token#
curl -X POST https://api.one-adn.io/v1/auth/token \
-H "Content-Type: application/json" \
-d '{
"api_key": "sk_live_xxxxxxxxxxxx",
"expires_in": 3600
}'
Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "chat:read chat:write models:read"
}
Using Tokens#
curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..." \
https://api.one-adn.io/v1/models
Token Scopes#
| Scope | Description |
|-------|-------------|
| chat:read | Read chat history |
| chat:write | Create chat completions |
| models:read | List available models |
| usage:read | View usage statistics |
| keys:manage | Manage API keys |
OAuth 2.0 Integration#
For third-party applications, use OAuth 2.0.
Authorization Code Flow#
- Redirect users to authorize:
https://api.one-adn.io/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=https://yourapp.com/callback&
response_type=code&
scope=chat:write models:read
- Exchange code for tokens:
curl -X POST https://api.one-adn.io/oauth/token \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "redirect_uri=https://yourapp.com/callback"
Refresh Tokens#
curl -X POST https://api.one-adn.io/oauth/token \
-d "grant_type=refresh_token" \
-d "refresh_token=REFRESH_TOKEN" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"
Security Best Practices#
Environment Variables#
Never hardcode API keys. Use environment variables:
# .env file (never commit this!)
ONE_ADN_API_KEY=sk_live_xxxxxxxxxxxx
// In your code
const apiKey = process.env.ONE_ADN_API_KEY;
Key Rotation#
Rotate API keys regularly:
# Generate new key
one-adn keys create --name "production-v2"
# Update your application
# ...
# Revoke old key
one-adn keys revoke sk_live_old_key
IP Restrictions#
Restrict API keys to specific IPs:
one-adn keys update sk_live_xxx \
--allowed-ips "203.0.113.0/24,198.51.100.50"
Rate Limiting by Key#
Set per-key rate limits:
one-adn keys update sk_live_xxx \
--rate-limit 100 \
--rate-limit-window 60
Troubleshooting#
Common Errors#
Invalid API Key:
{
"error": {
"message": "Invalid API key provided",
"type": "invalid_request_error",
"code": "invalid_api_key"
}
}
Solution: Verify your key is correct and not expired.
Expired Token:
{
"error": {
"message": "Token has expired",
"type": "authentication_error",
"code": "token_expired"
}
}
Solution: Refresh your token or generate a new one.
Insufficient Permissions:
{
"error": {
"message": "API key lacks required scope: chat:write",
"type": "permission_error",
"code": "insufficient_scope"
}
}
Solution: Generate a new key with required scopes.
Key Management Commands#
# List all keys
one-adn keys list
# View key details
one-adn keys show sk_live_xxx
# Create new key
one-adn keys create --name "my-app" --scopes "chat:write,models:read"
# Revoke a key
one-adn keys revoke sk_live_xxx
# Check key usage
one-adn keys usage sk_live_xxx