Authentication
All API requests are authenticated with an API key scoped to your organization.
API Key Format
API keys have the format sk_live_ followed by 32 characters:
sk_live_A7dF3xKpQrNmBvYcWsJt2HgL9uE8oI1ZPassing the Key
Pass your key in the Authorization header or as X-API-Key:
import os from smartsbio import SmartsBio # Load key from environment variable (recommended) client = SmartsBio(api_key=os.environ["SMARTS_API_KEY"])
Key Scopes
When creating a key, you choose which operations it can perform:
| Scope | Endpoints |
|---|---|
query | POST /v1/query, POST /v1/query/stream |
tools | GET /v1/tools, POST /v1/tools/:id/run |
conversations | GET /v1/conversations, GET /v1/conversations/:id |
files | GET /v1/files |
Note: GET /v1/workspaces is accessible with any scope.
Workspace Scoping
Keys can be scoped to specific workspaces or have access to all workspaces in an organization. When scoped, the workspace_id in file/conversation requests must match an allowed workspace, otherwise a workspace_access_denied error is returned.
Managing Keys
Generate, view, and revoke keys from your Organization Settings → API Keys tab. Revoked keys stop working within 30 seconds (cache TTL).