API Key Authentication
All endpoints (except /health) require authentication via API key.
Using the SDK (Zero-config)
Set your API key as an environment variable and use the static Instance methods:
export IN10NT_API_KEY=your_api_key
import { Instance } from '@in10nt/sdk';
// Reads IN10NT_API_KEY automatically
const instance = await Instance.create({
name: 'my-agent',
description: 'Agent'
});
Using the Client
Pass your API key explicitly when creating a client:
import { In10ntClient } from '@in10nt/sdk';
const client = new In10ntClient({
apiKey: 'your_api_key'
});
Environment Variables
You can also set your API key as an environment variable:
export IN10NT_API_KEY=your_api_key
const client = new In10ntClient();
// or
const instance = await Instance.create({ name: 'x', description: 'y' });
Direct API Requests
If you’re making direct API requests without the SDK, include your API key in the Authorization header:
Bearer Token (Recommended)
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://in10t-api-v2.fly.dev/instances
curl -H "X-API-Key: YOUR_API_KEY" \
https://in10t-api-v2.fly.dev/instances
Base URL
The default API base URL is:
https://in10t-api-v2.fly.dev
const client = new In10ntClient({
apiKey: 'your_api_key',
baseURL: 'https://custom-api-url.com'
});
// Or with static methods
const instance = await Instance.create(
{ name: 'x', description: 'y' },
{ baseURL: 'https://custom-api-url.com' }
);
Security Best Practices
Never commit API keys to version control. Always use environment variables or secure secret management.
- Store API keys in environment variables
- Use different keys for development and production
- Rotate keys regularly
- Never expose keys in client-side code
- Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
