Authentication

The Cerebrum API uses API keys to authenticate requests. Your API key identifies your account and determines your access permissions.

Quick Overview

All API requests must include your API key in the apikey header:

apikey: your_api_key_here

Keep your API key secure

Your API key carries access to your account. Never share it publicly or commit it to version control.


Getting Your API Key

You can create an API key for your user using Cognition. Please follow the guide provided here. If you encounter any issues, please contact Cerebrum Support at [email protected].

Making Authenticated Requests

Include your API key in the apikey header with every request:

JavaScript

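// 'your_api_key_here' is a placeholder; supply the real key at runtime
// rather than writing it into source code.
const response = await fetch('https://api.cerebrum.com/user/whoami', {
  method: 'GET',
  headers: {
    'apikey': 'your_api_key_here',
    'Content-Type': 'application/json'
  }
});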

cURL

curl -X GET https://api.cerebrum.com/user/whoami \
  -H "apikey: your_api_key_here"

Testing Your API Key

Use the whoami endpoint to verify your API key is working correctly:

Request

Endpoint: GET /user/whoami

curl -X GET https://api.cerebrum.com/user/whoami \
  -H "apikey: your_api_key_here"

Response

{
  "id": "7d88b418-7ce8-45cd-92d6-d9a4b33622e19",
  "email": "[email protected]",
  .....
}

Response Fields:

  • id - Your user identifier
  • email - Your account email

Success!

If you receive a response with your account details, your API key is working correctly.


Common Authentication Errors

401 Unauthorized

{
  "error": "Unauthorized"
}

Causes:

  • Missing apikey header
  • Invalid API key

Solution:

  • Verify you're including the apikey header in your request
  • Double-check your API key is correct (no extra spaces or characters)

403 Forbidden

{
  "error": "Forbidden"
}

Causes:

  • Your API key doesn't have permission for this action
  • Attempting to access resources from another organization

Solution:

  • Contact support to request additional permissions

Security Best Practices

Do:

  • Store API keys in environment variables or secure key management systems
  • Rotate API keys periodically
  • Revoke compromised keys immediately

Don't:

  • Hard-code API keys in your application code
  • Commit API keys to version control (Git, etc.)
  • Share API keys via email or messaging apps
  • Expose API keys in client-side code (browser JavaScript, mobile apps)
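
The practices above, combined with the whoami check and the 401/403 causes, as a server-side Node.js sketch. This is an added example, not Cerebrum's own code; the environment variable name CEREBRUM_API_KEY and all function names are assumptions made for illustration.

```javascript
// Added example, not Cerebrum's own code. CEREBRUM_API_KEY is an assumed name.
const BASE_URL = 'https://api.cerebrum.com';

// Read the key from the environment rather than from source code, and trim
// stray whitespace, which the page lists as a cause of 401 responses.
function loadApiKey(env = process.env) {
  const key = (env.CEREBRUM_API_KEY || '').trim();
  if (!key) throw new Error('CEREBRUM_API_KEY is not set');
  if (/\s/.test(key)) throw new Error('CEREBRUM_API_KEY contains whitespace');
  return key;
}

// Build the whoami request; the key travels only in the apikey header.
function buildWhoamiRequest(env = process.env) {
  return {
    url: `${BASE_URL}/user/whoami`,
    options: { method: 'GET', headers: { apikey: loadApiKey(env) } },
  };
}

// Map the documented error statuses to the causes the page gives.
function explainStatus(status) {
  if (status === 401) return 'Unauthorized: apikey header missing or key invalid';
  if (status === 403) return 'Forbidden: key lacks permission for this action or resource';
  return `Unexpected HTTP status ${status}`;
}

// Keep the key out of logs and error messages: show only the last four characters.
function redact(key) {
  return key.length > 8 ? `****${key.slice(-4)}` : '****';
}

// Server-side call to GET /user/whoami. fetchImpl is injectable so the
// function can be exercised offline with a stub.
async function whoami(env = process.env, fetchImpl = fetch) {
  const { url, options } = buildWhoamiRequest(env);
  const res = await fetchImpl(url, options);
  if (!res.ok) {
    throw new Error(`${explainStatus(res.status)} (key ${redact(options.headers.apikey)})`);
  }
  return res.json();
}
```

Run it with the key supplied by the process environment or a secrets manager, and call `whoami()` once at startup so a missing or revoked key fails early.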

