Authentication

Getting Started Jun 12, 2026

All API requests must include a valid project API key in the Authorization header using the Bearer token format.

Header Format

Authorization: Bearer <YOUR_API_KEY>

Example Request

curl -X POST https://api.statement.com/api/v1/agent/query \
  -H "Authorization: Bearer sk_project_xxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Authentication Errors

If the Authorization header is missing, malformed, or contains an invalid or expired API key, the API will reject the request and return a 401 Unauthorized response.

Example Response

{
  "detail": "Invalid or expired API key"
}

Security Best Practices

  • Store API keys securely and never expose them in client-side applications.
  • Do not commit API keys to source control repositories.
  • Rotate API keys regularly according to your organization's security policies.
  • Treat API keys as sensitive credentials with access to your project's data and services.

All requests are automatically scoped to the project associated with the provided API key.

Tags

Try Statement Today

Get early updates, and product notes.

Get early access