Authentication
All API requests require a valid tenant API key passed as a Bearer token.
API keys
API keys are prefixed with al_live_ (production) or al_test_ (testing). They are generated during tenant provisioning and can be rotated via the console.
Making authenticated requests
Include your API key in the Authorization header:
curl https://api.kaplaix.com/v1/sessions \
-H "Authorization: Bearer al_live_your_key_here"With the SDKs, pass the key at client initialization:
const client = new KaplaixClient({ apiKey: "al_live_..." });client = KaplaixClient(api_key="al_live_...")Error responses
Invalid or missing credentials return 401:
{
"error": {
"code": "AUTHENTICATION_FAILED",
"message": "Invalid or missing API key"
}
}Base URL
| Environment | Base URL |
|---|---|
| Production | https://api.kaplaix.com |
| Self-hosted | Your deployment URL |
SDK headers
The SDKs automatically set these headers on every request:
| Header | Purpose |
|---|---|
Authorization | Bearer token with your API key |
Content-Type | application/json |
x-kaplaix-sdk | SDK identifier and version |
x-kaplaix-framework | AI framework name (if configured) |
x-kaplaix-agent-version | Your agent’s version (if configured) |
Rate limits
Rate limits are enforced per API key. When exceeded, the API returns 429 Too Many Requests with a Retry-After header. The SDKs handle retries automatically with exponential backoff.
Last updated on