Authentication

Choosing a mode

Public key mode is the fastest path: send the key as a Bearer token and call /api/suggest. Secret key + access token mode is recommended for production — your server holds the secret key, mints short-lived tokens, and the client uses those.

Public key

Send the public key as a Bearer credential in the Authorization header. Public keys are scoped and rate-limited; they're safe to ship in client-side code.

curl https://api.ai-autocomplete.com/api/suggest \
  -H "Authorization: Bearer pk_v1_your_public_key" \
  -H "Content-Type: application/json" \
  -d '{ "data": { "raw_query": "Create a" }, "meta": { ... } }'

Secret key + access token (recommended)

Keep the secret key on your server. Your server exchanges it for a short-lived access token, which your client passes as a Bearer credential when calling /api/suggest.

Mint a token

On your backend, exchange the secret key for a short-lived access token. Forward the response to your client — the secret key must never reach end-user devices.

{
  "product_id": "<uuid>"
}

{
  "access_token": "at_v1_AbCdEfGh...",
  "expires_at": 1775464738,
  "token_type": "Bearer"
}

{
  "error": {
    "code": "INVALID_SECRET_KEY",
    "message": "The provided secret key is invalid"
  }
}

Use the token

Call /api/suggest with the returned access_token in the Authorization header.

# Mint a short-lived access token on your server
TOKEN_JSON=$(curl -s https://api.ai-autocomplete.com/api/auth/token \
  -H "Authorization: Bearer $MAGICX_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "product_id": "<your-product-id>" }')

ACCESS_TOKEN=$(echo "$TOKEN_JSON" | jq -r .access_token)

# Call /api/suggest with the access token
curl https://api.ai-autocomplete.com/api/suggest \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "data": { "raw_query": "Create a" }, "meta": { ... } }'