Authentication
All GlyphNet API requests require authentication using an API key.
API Key Format
GlyphNet API keys follow this format:
gn_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6gn_- GlyphNet prefixlive_ortest_- Environment indicator- 48 random characters - Unique identifier
Using Your API Key
Include your API key in the X-API-Key header with every request:
curl -X POST https://api.glyphnet.io/v1/verify \
-H "X-API-Key: gn_live_your_key_here" \
-H "Content-Type: application/json" \
-d '{"text": "Hello world"}'Python Example
import requests
headers = {
"X-API-Key": "gn_live_your_key_here",
"Content-Type": "application/json"
}
response = requests.post(
"https://api.glyphnet.io/v1/verify",
headers=headers,
json={"text": "The sky is blue."}
)JavaScript Example
const response = await fetch('https://api.glyphnet.io/v1/verify', {
method: 'POST',
headers: {
'X-API-Key': 'gn_live_your_key_here',
'Content-Type': 'application/json'
},
body: JSON.stringify({ text: 'The sky is blue.' })
});Security Best Practices
Never Expose Your Key
Warning: Never include your API key in:
- Client-side JavaScript (browser code)
- Mobile app source code
- Public Git repositories
- Log files or error messages
Use Environment Variables
Store your key in an environment variable:
# .env file (never commit this!)
GLYPHNET_API_KEY=gn_live_your_key_hereimport os
api_key = os.environ.get("GLYPHNET_API_KEY")Use Server-Side Proxies
For web apps, create a server-side endpoint that makes API calls:
// Your backend API route
app.post('/api/verify', async (req, res) => {
const response = await fetch('https://api.glyphnet.io/v1/verify', {
method: 'POST',
headers: {
'X-API-Key': process.env.GLYPHNET_API_KEY,
'Content-Type': 'application/json'
},
body: JSON.stringify(req.body)
});
res.json(await response.json());
});Rotate Keys Regularly
Generate new API keys periodically and revoke old ones.
Managing API Keys
Create a New Key
Via the dashboard at glyphnet.io/dashboard/keys (opens in a new tab), or via API:
curl -X POST https://api.glyphnet.io/v1/keys \
-H "X-API-Key: gn_live_your_existing_key" \
-H "Content-Type: application/json" \
-d '{"name": "Production Server"}'Revoke a Key
If a key is compromised, revoke it immediately:
curl -X DELETE https://api.glyphnet.io/v1/keys/{key_id} \
-H "X-API-Key: gn_live_your_key"List Your Keys
curl https://api.glyphnet.io/v1/keys \
-H "X-API-Key: gn_live_your_key"Response:
{
"keys": [
{
"id": "key_abc123",
"name": "Production Server",
"prefix": "gn_live_a1b2",
"created_at": "2024-01-15T10:30:00Z",
"last_used_at": "2024-01-20T15:45:00Z"
}
]
}Authentication Errors
401 Unauthorized
{
"error": "invalid_api_key",
"message": "The API key provided is invalid or has been revoked."
}Causes:
- Missing
X-API-Keyheader - Invalid API key format
- Revoked or deleted key
- Using a test key in production (or vice versa)
403 Forbidden
{
"error": "insufficient_permissions",
"message": "Your API key does not have permission for this action."
}Causes:
- Key doesn't have required scopes
- Trying to access another organization's resources
Rate Limits by Plan
| Plan | Requests/Minute | Monthly Limit |
|---|---|---|
| Free | 60 | 1,000 |
| Starter | 200 | 50,000 |
| Professional | 500 | 500,000 |
| Enterprise | 2,000 | 10,000,000 |
When you exceed limits, you'll receive a 429 Too Many Requests response.