Authentication
All API requests require an API key passed via the X-API-Key header. See also the Authentication API Reference for a quick-reference version.
Making Authenticated Requests
- curl
- Python
- TypeScript
- Go
curl "https://api.silentwitness.ai/api/cases" \
-H "X-API-Key: sk-your-api-key-here"
import requests
API_KEY = "sk-your-api-key-here"
BASE_URL = "https://api.silentwitness.ai"
resp = requests.get(
f"{BASE_URL}/api/cases",
headers={"X-API-Key": API_KEY},
)
const resp = await fetch("https://api.silentwitness.ai/api/cases", {
headers: { "X-API-Key": "sk-your-api-key-here" },
});
req, _ := http.NewRequest("GET", "https://api.silentwitness.ai/api/cases", nil)
req.Header.Set("X-API-Key", "sk-your-api-key-here")
resp, err := http.DefaultClient.Do(req)
Getting an API Key
- Log into the Silent Witness dashboard
- Navigate to Settings > API Keys
- Click Create API Key
- Copy the key — it won't be shown again
API Key Format
API keys start with sk- and are 64 characters long:
sk-a1b2c3d4e5f6...
Environment Variables
Store your API key in environment variables — never hardcode it in source code.
- curl
- Python
- TypeScript
- Go
export API_KEY="sk-your-api-key-here"
curl "https://api.silentwitness.ai/api/cases" \
-H "X-API-Key: $API_KEY"
import os
API_KEY = os.environ["API_KEY"]
const API_KEY = process.env.API_KEY;
apiKey := os.Getenv("API_KEY")
Account Association
- API keys are tied to your account — all usage is billed to your account
- Cases created via API keys appear in your dashboard alongside UI-created cases
- Each API key has independent rate limits
Authentication Errors
If the API key is missing or invalid, you'll receive a 401 response:
{
"success": false,
"error": "Invalid API key",
"error_code": "unauthorized",
"error_type": "authentication_error",
"request_id": "req_abc123"
}
Security Best Practices
- Never commit API keys to version control
- Use environment variables in all environments
- Rotate keys periodically from the dashboard
- Use separate keys for development and production
- If a key is compromised, revoke it immediately from the dashboard