Authentication Guide

Overview

Banatie uses API keys to authenticate requests. All API endpoints require authentication via the X-API-Key header. API keys are tied to organizations and projects, providing fine-grained access control.

Quick Start: New to API authentication? Check out our Getting Started guide for a step-by-step walkthrough.
API Keys
Key Types

Banatie supports two types of API keys, each with different permissions and use cases:

Master Key | Full admin access, can create/revoke keys | Never expires | Server-side admin operations, key management
Project Key | Image generation only | 90 days | Application integration, API requests

Master Key Security: Master keys have full administrative access and never expire. Store them securely in encrypted vaults or secret managers. Never expose master keys in client-side code, logs, or version control. Use project keys for application integration whenever possible.
Creating Keys

For first-time setup, use the bootstrap endpoint to create your initial master key:

Once you have a master key, you can create project keys for your applications:

Using API Keys

Include your API key in the X-API-Key header with every request:

Environment Variables: Store API keys in environment variables, not hardcoded in your application. Example: BANATIE_API_KEY
Rate Limits

API keys are subject to rate limits to ensure fair usage and system stability. Limits vary by key type and plan tier:

Master Key | Unlimited | N/A | N/A
Project Key (Free) | 100 requests/hour | 1 hour rolling | Yes
Project Key (Pro) | 1,000 requests/hour | 1 hour rolling | Yes

When you exceed rate limits, the API returns a 429 Too Many Requests status. Check the response headers for retry timing:
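
One way to combine the X-API-Key header, the BANATIE_API_KEY environment variable and 429 handling in a server-side client, as an added example that is not from the Banatie documentation. The endpoint URL is a placeholder, and the helper names (loadApiKey, redact, retryDelayMs, callApi) and the use of the standard HTTP Retry-After header are assumptions, since the page does not name its retry headers.

```javascript
// Added example (hypothetical helper, not Banatie's own client code).
// Assumptions: API_URL is a placeholder, and 429 responses carry the standard
// HTTP Retry-After header; the page does not name its retry headers.
const API_URL = 'https://api.example.invalid/v1/placeholder';

// Read the key from the environment; fail closed if it is missing.
function loadApiKey(env = process.env) {
  const key = (env.BANATIE_API_KEY || '').trim();
  if (!key) throw new Error('BANATIE_API_KEY is not set');
  return key;
}

// Mask the key for log lines so the full secret never reaches logs.
function redact(key) {
  return key.length > 8 ? `****${key.slice(-4)}` : '****';
}

// Convert Retry-After (seconds or HTTP-date) to a bounded delay in ms.
// Falls back to exponential backoff when the header is absent or malformed.
function retryDelayMs(value, attempt, now = Date.now(), maxMs = 60000) {
  let ms = 1000 * 2 ** attempt;
  if (value && /^\d+$/.test(value.trim())) ms = Number(value) * 1000;
  else if (value && !Number.isNaN(Date.parse(value))) ms = Date.parse(value) - now;
  return Math.min(Math.max(ms, 0), maxMs);
}

// Send one request with X-API-Key, retrying only on 429.
async function callApi(payload, opts = {}) {
  const {
    fetchImpl = globalThis.fetch,
    env = process.env,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    maxAttempts = 4,
  } = opts;
  const key = loadApiKey(env);
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    const res = await fetchImpl(API_URL, {
      method: 'POST',
      headers: { 'X-API-Key': key, 'Content-Type': 'application/json' },
      body: JSON.stringify(payload),
    });
    if (res.status !== 429) return res;
    const wait = retryDelayMs(res.headers.get('retry-after'), attempt);
    console.warn(`429 with key ${redact(key)}; retrying in ${wait} ms`);
    await sleep(wait);
  }
  throw new Error('rate limit still exceeded after retries');
}
```

The cap on the delay and on the number of attempts keeps a misbehaving or spoofed header from stalling the caller indefinitely.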

Security Best Practices

Critical Security Guidelines:
  • Never commit API keys to version control systems (Git, SVN, etc.)
  • Store keys in environment variables or secret management services
  • Use project keys in applications, reserve master keys for admin operations
  • Rotate keys regularly, especially after team member changes
  • Implement server-side API calls for production applications
  • Monitor API key usage in your dashboard for suspicious activity

Key Rotation Example
