Every request to the Alterscope Developer API authenticates with an API key. Keys are issued in the Developer Portal under your organization’s API Keys settings, and are prefixed sk_live_.
Treat an API key like a password. Store it in an environment variable or a secrets manager, never in source control or client-side code. The key carries your organization’s scopes and quota.

Sending the key

Send the key as a bearer token in the Authorization header:
Authorization: Bearer sk_live_xxx
This is the only form that authenticates an HTTP request. Browser WebSocket clients, which cannot set custom headers, pass the key via the ?token= query parameter on connect instead — that is the only other accepted form.
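The following added example (not Alterscope's code) scans text such as a diff or a log file for key-shaped strings and redacts them, labelling which of the two carriers described above each key appeared in. Only the sk_live_ prefix comes from this page; the key's character set and minimum length, the function names and the sample lines are assumptions.

```python
import hashlib
import re

# Assumption: the page documents only the "sk_live_" prefix. The character set
# and minimum length of the rest of the key are guesses to limit false positives.
KEY_RE = re.compile(r"sk_live_[A-Za-z0-9_-]{8,}")
BEARER_RE = re.compile(r"Bearer\s+$", re.IGNORECASE)
TOKEN_RE = re.compile(r"[?&]token=$")


def fingerprint(key: str) -> str:
    """Short, non-reversible tag for correlating sightings of the same key."""
    return hashlib.sha256(key.encode()).hexdigest()[:8]


def carrier(line: str, start: int) -> str:
    """Classify how the key appears, from the text immediately before it."""
    prefix = line[:start]
    if BEARER_RE.search(prefix):
        return "bearer-header"
    if TOKEN_RE.search(prefix):
        return "query-token"
    return "bare"


def find_keys(text: str):
    """Return (line_number, carrier, fingerprint) for every key-shaped string."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in KEY_RE.finditer(line):
            hits.append((n, carrier(line, m.start()), fingerprint(m.group())))
    return hits


def redact(text: str) -> str:
    """Replace each key with its prefix and fingerprint, keeping the line readable."""
    return KEY_RE.sub(lambda m: f"sk_live_[redacted:{fingerprint(m.group())}]", text)


# Constructed sample: none of these keys or paths are real.
SAMPLE = """\
GET /ws?token=sk_live_EXAMPLEexample0001 HTTP/1.1
Authorization: Bearer sk_live_EXAMPLEexample0002
API_KEY = "sk_live_EXAMPLEexample0003"
Authorization: Bearer sk_live_xxx
"""

if __name__ == "__main__":
    for hit in find_keys(SAMPLE):
        print(hit)
    print(redact(SAMPLE))
```

The documentation placeholder sk_live_xxx is too short to match, so it is neither reported nor redacted.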

Rotation and revocation

Create a new key in the Developer Portal before retiring an old one, switch your application to the new key, then revoke the old key. A revoked or expired key fails closed: requests return 401 with an error code of revoked_key or expired_key. See Errors for the full status mapping.

What a key can access

A key carries a set of scopes (what it may call) and is bound to a plan tier (how much and how often). A request that lacks the required scope returns 403 with code insufficient_scope. Org admins can mint keys with a subset of scopes using a key that holds admin:keys.

Next steps

Scopes

The permissions a key can hold.

Rate limits

Per-tier request and quota limits.