Skip to main content
The Moonbase API uses API keys to authenticate all requests. An API key is required for all requests.

How authentication works

API requests require valid API keys. The API returns specific errors based on authentication issues:
  • Invalid request error: Missing or invalid API key
  • Authentication error: Deleted or expired API key
For more details about handling authentication errors, see the Moonbase error handling guide.

Manage API keys

Manage API keys in organization settings.
Keep API keys secret. Avoid client-side exposure.

Using API key

SDK authentication

SDKs check for an API key in the MOONBASE_API_KEY environment variable. Override this default when creating a client. 
import Moonbase from '@moonbaseai/sdk';

const client = new Moonbase({
  apiKey: process.env['MOONBASE_API_KEY'], // This is the default and can be omitted
});

Direct API calls

When calling the API directly, use HTTP Bearer authentication: 
curl --request GET \
  --url https://api.moonbase.ai/v0/collections/people \
  --header 'Authorization: Bearer MOONBASE_API_KEY'

Best practices

  • Never hardcode API keys
  • Use different API keys for different environments (development, staging, production)
  • Regenerate suspected compromised API keys
  • Never log API keys in errors or debug output