Authentication
All Inherent API requests require authentication using an API key.
Creating an API Key
- Log in to the Inherent Dashboard
- Navigate to Settings > API Keys
- Click Create API Key
- Give it a descriptive name (e.g., "Production Backend")
- Copy the key immediately - you won't see it again!
Using Your API Key
Include your API key in the X-API-Key header:
curl -X GET https://api.inherent.sh/v1/documents \
-H "X-API-Key: ink_your_api_key"
API Key Types
| Type | Prefix | Use Case |
|---|---|---|
| Live | inh_live_ | Production applications |
| Test | inh_test_ | Development and testing |
Test keys work identically to live keys but are isolated to the sandbox environment.
Security Best Practices
Do
- Store API keys in environment variables
- Use different keys for different environments
- Rotate keys periodically
- Use the minimum required permissions
Don't
- Commit API keys to version control
- Share keys between team members
- Use production keys in development
- Log API keys in application logs
Rate Limits
Rate limits vary by plan:
| Plan | Requests / minute |
|---|---|
| Sandbox | 100 |
| Pro | 500 |
| Business | 2,000 |
When you exceed rate limits, you'll receive a 429 Too Many Requests response:
{
"error": {
"code": "rate_limit_exceeded",
"message": "Rate limit exceeded. Retry after 60 seconds.",
"retry_after": 60
}
}
Revoking API Keys
To revoke a compromised key:
- Go to Settings > API Keys
- Find the key to revoke
- Click the Revoke button
- Confirm revocation
Revoked keys immediately stop working. Make sure to update your application with a new key first.