Authentication

Authenticate OptimAI Search API requests with an API key.

Create or manage API keys at search.optimai.network/api-keys.

Send API keys in the X-API-Key header.

X-API-Key: sk-...

Server-side only

Keep keys on your server. Browser clients should call your backend, and your backend should call OptimAI Search.

await fetch("https://api-onchain.optimai.network/v1/search", {
  method: "POST",
  headers: {
    "X-API-Key": process.env.OPTIMAI_API_KEY ?? "",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ query: "What is OptimAI Search?", limit: 3 }),
})

Rotation

Rotate keys when a team member leaves, a key is exposed, or an application boundary changes.

Common mistakes

  • Sending Authorization: Bearer ... instead of X-API-Key.
  • Reading the key from a client-side NEXT_PUBLIC_ or VITE_ variable.
  • Forgetting to set the key in the production runtime after local testing.