Authentication
All API requests must include a valid project API key in the Authorization header using the Bearer token format.
Header Format
Authorization: Bearer <YOUR_API_KEY>
Example Request
curl -X POST https://api.statement.com/api/v1/agent/query \
-H "Authorization: Bearer sk_project_xxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Authentication Errors
If the Authorization header is missing, malformed, or contains an invalid or expired API key, the API will reject the request and return a 401 Unauthorized response.
Example Response
{
"detail": "Invalid or expired API key"
}
Security Best Practices
- Store API keys securely and never expose them in client-side applications.
- Do not commit API keys to source control repositories.
- Rotate API keys regularly according to your organization's security policies.
- Treat API keys as sensitive credentials with access to your project's data and services.
All requests are automatically scoped to the project associated with the provided API key.