Authentication
All Inherent API requests require authentication using an API key.
Creating an API Key
- Log in to the Inherent Dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Give it a descriptive name (e.g., "Production Backend")
- Copy the key immediately - you won't see it again!
Using Your API Key
Include your API key in the Authorization header:
```bash
curl -X GET https://api.inherent.systems/v1/documents \
  -H "Authorization: Bearer inh_live_abc123..."
```
API Key Types
| Type | Prefix | Use Case |
|---|---|---|
| Live | inh_live_ | Production applications |
| Test | inh_test_ | Development and testing |
Test keys work identically to live keys but are isolated to a test environment.
Security Best Practices
Do
- Store API keys in environment variables
- Use different keys for different environments
- Rotate keys periodically
- Use the minimum required permissions
Don't
- Commit API keys to version control
- Share keys between team members
- Use production keys in development
- Log API keys in application logs
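The following Python sketch shows one way to enforce several of these rules in code: it reads the key from an environment variable, rejects a key whose prefix does not match the running environment, and scrubs keys from log output. It is an added example, not Inherent's own code; the variable name INHERENT_API_KEY, the environment names, and the character set assumed after the key prefix are assumptions.

```python
import logging
import os
import re

# Assumption: the characters after the documented prefixes are letters,
# digits, "_" or "-"; the page only documents the inh_live_/inh_test_ prefixes.
KEY_RE = re.compile(r"\b(inh_(?:live|test)_)[A-Za-z0-9_-]+")
PREFIX_FOR_ENV = {"production": "inh_live_", "development": "inh_test_"}


def load_api_key(app_env, environ=os.environ):
    """Read the key from the environment and refuse a key of the wrong type."""
    # INHERENT_API_KEY is a hypothetical variable name chosen for this example.
    key = environ.get("INHERENT_API_KEY", "")
    expected = PREFIX_FOR_ENV[app_env]
    if not key.startswith(expected):
        # Report only the expected prefix, never the key value itself.
        raise ValueError(f"{app_env} requires a key starting with {expected}")
    return key


def redact(text):
    """Replace the secret part of any key in text, keeping the type prefix."""
    return KEY_RE.sub(r"\1[REDACTED]", text)


class RedactKeys(logging.Filter):
    """Logging filter that scrubs keys from the fully formatted message."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # arguments are already merged into msg
        return True


def auth_headers(key):
    """Build the Authorization header shown in the curl example."""
    return {"Authorization": f"Bearer {key}"}


if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    sample = {"INHERENT_API_KEY": "inh_test_0123456789abcdef"}
    key = load_api_key("development", sample)
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("inherent-demo")
    log.addFilter(RedactKeys())
    log.info("sending request with headers %s", auth_headers(key))
```

A filter attached to a logger only covers records emitted through that logger; attach it to the handlers instead if third-party libraries in the same process might log request headers.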
Rate Limits
Rate limits vary by plan:
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Starter | 60 | 10,000 |
| Pro | 300 | 100,000 |
| Team | 1,000 | 500,000 |
| Enterprise | Custom | Custom |
When you exceed rate limits, you'll receive a 429 Too Many Requests response:
```json
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded. Retry after 60 seconds.",
    "retry_after": 60
  }
}
```
Revoking API Keys
To revoke a compromised key:
- Go to Settings → API Keys
- Find the key to revoke
- Click the Revoke button
- Confirm revocation
Revoked keys immediately stop working. Make sure to update your application with a new key first.