Authentication
Every request needs two headers. One identifies your account, the other selects which configured agent runs the call.
Required headers
- X-Api-KeyYour platform API key. Starts with
sk-so-. Found in Settings → API Key. Authenticates your account. - X-Agent-IdUUID of the agent to invoke. Found on the Agents page on the agent card or in the agent detail header.
- Content-TypeAlways
application/json.
Example request
bash
curl -X POST https://api.sentientone.ai/v1/chat \
-H "Content-Type: application/json" \
-H "X-Api-Key: sk-so-your_api_key_here" \
-H "X-Agent-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-d '{ "message": "Hello!" }'Key vs Agent ID — what each does
The X-Api-Key is yours and authenticates the call to the platform. The X-Agent-Id picks the configured agent. Different requests can target different agents using the same key — that's how a single integration can route to a Support agent, an HR agent, and an Order Status agent without ever reshuffling credentials.
Keep it secret
Never expose X-Api-Key in client-side code, public repos, or browser network requests. Call the SentientOne API from your backend server and proxy responses to your frontend. If a key leaks, rotate it from Settings — the old key is invalidated immediately.
Common mistakes
Sending
Authorization: Bearer … instead of X-Api-Key is the most frequent. The platform only honours the X-Api-Key header and returns 401 for any other auth scheme.