
Authentication

Authenticate with RadMah AI using API keys or JWT tokens. Every request requires authentication — there are no anonymous endpoints.

Authentication methods

API Keys

Long-lived keys for server-to-server integrations, CI/CD pipelines, and SDK usage. Recommended for most use cases.

JWT Tokens

Short-lived tokens obtained via email/password login. Used by the client dashboard and browser-based applications.

1. Create an API key

Navigate to Settings → API Keys in the client dashboard and click Create Key. Copy the key immediately — it is only shown once.

Key format

API keys use the prefix sl_live_ for production and sl_test_ for sandbox. The platform rejects keys with an unrecognized prefix.

2. Use the API key

Pass the key via the X-API-Key header, or use the SDK, which handles this automatically.

SDK initialization
from radmah_sdk import RadMahClient

# API key — passed as X-API-Key header automatically
client = RadMahClient(api_key="sl_live_your_key_here")

# Verify authentication
health = client.health()
print(f"Connected: {health.status}")

JWT Authentication

For browser-based applications, authenticate with email and password to receive a JWT token. Tokens expire after 24 hours and can be refreshed.

Login with email/password
import httpx
from radmah_sdk import RadMahClient

# Login to get a JWT token
response = httpx.post(
    "https://api.radmah.ai/v1/client/auth/login",
    json={
        "email": "you@company.com",
        "password": "your_password"
    }
)
# Fail on a rejected login instead of a KeyError on the next line
response.raise_for_status()
token = response.json()["access_token"]

# Use the token with the SDK
client = RadMahClient(api_key=token)

Key management

Operation  | SDK Method                | REST Endpoint
Create key | client.create_api_key()   | POST /v1/client/api-keys
List keys  | client.list_api_keys()    | GET /v1/client/api-keys
Rotate key | client.rotate_api_key(id) | POST /v1/client/api-keys/{id}/rotate
Revoke key | client.revoke_api_key(id) | DELETE /v1/client/api-keys/{id}

Security best practices

Never expose API keys in client-side code

API keys should only be used in server-side code, CI/CD pipelines, or secure environments. For browser applications, use the JWT authentication flow.

  • Store keys in environment variables or a secrets manager — never in source code
  • Rotate keys regularly using the rotate_api_key method
  • Use separate keys for production and development
  • Revoke compromised keys immediately — revocation is instant
  • Enable MFA on your account for an additional layer of protection
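
One way to apply the environment-variable and separate-keys advice above, shown as an added example that is not RadMah's own code. The variable name RADMAH_API_KEY, the target names, and the helpers load_api_key and redact are assumptions made for illustration; only the sl_live_ and sl_test_ prefixes come from this page.

```python
import os

# Prefixes documented on this page; everything else here is an assumption.
PREFIX_BY_TARGET = {"production": "sl_live_", "sandbox": "sl_test_"}
ENV_VAR = "RADMAH_API_KEY"  # hypothetical variable name, not defined by RadMah


class KeyConfigError(ValueError):
    """Raised when the configured key is missing or wrong for the target."""


def redact(key: str) -> str:
    """Return a log-safe form: documented prefix plus the last 4 characters."""
    for prefix in PREFIX_BY_TARGET.values():
        # Short bodies are hidden entirely so the tail does not reveal most of them.
        if key.startswith(prefix) and len(key) >= len(prefix) + 8:
            return f"{prefix}...{key[-4:]}"
    return "<redacted>"


def load_api_key(target: str, environ=os.environ) -> str:
    """Read the key from the environment and check that it fits `target`."""
    if target not in PREFIX_BY_TARGET:
        raise KeyConfigError(f"unknown target {target!r}")
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise KeyConfigError(f"{ENV_VAR} is not set")
    expected = PREFIX_BY_TARGET[target]
    if not key.startswith(expected):
        # Never echo the key itself in the error: logs outlive rotations.
        raise KeyConfigError(
            f"{ENV_VAR} ({redact(key)}) lacks the {expected} prefix "
            f"required for {target}"
        )
    if len(key) == len(expected):
        raise KeyConfigError(f"{ENV_VAR} holds a prefix with no key body")
    return key


if __name__ == "__main__":
    # Constructed sample value, not a real key.
    sample = {ENV_VAR: "sl_test_EXAMPLEONLY0000abcd"}
    print(redact(load_api_key("sandbox", sample)))
    try:
        load_api_key("production", sample)
    except KeyConfigError as exc:
        print("refused:", exc)
```

The returned value is what would be passed as api_key to RadMahClient; running the check at startup stops a sandbox key from reaching a production deployment, or the reverse, before any request is sent.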
