Skip to main content

Authentication

All API requests require authentication using an API key.

API Keys

API keys are prefixed with sk_ and must be included in the Authorization header of every request:

curl -H "Authorization: Bearer sk_your_api_key_here" \
  https://api.embedd.to/v1/environments

Environment Scoping

Every request is scoped to an environment via the X-Environment-Id header:

curl -H "Authorization: Bearer sk_your_api_key_here" \
  -H "X-Environment-Id: env_abc123" \
  https://api.embedd.to/v1/connections

Resources (connections, vector tables, embedding providers) are isolated per environment.

Rate Limiting

Each API key has a configurable rate limit (default: 60 requests per minute). See Rate Limiting for details.

Security

API keys are hashed using SHA-256 before storage — we never store plaintext keys
Connection credentials are encrypted at rest using AES-256
API keys can be revoked immediately by setting revoked_at on the key record

API Keys
Environment Scoping
Rate Limiting
Security