Authentication

API Keys

Protected SynapseX API requests accept bearer tokens and API keys.

curl https://api.synapsex.ai/v1/agents \
  -H "Authorization: Bearer sk_..."

curl https://api.synapsex.ai/v1/agents \
  -H "X-API-Key: sk_..."

Get an API Key

Use the CLI or the API key endpoint.

synapsex login --email user@example.com
synapsex keys --create "CI key"

Or call the API after login:

POST /v1/auth/keys
Authorization: Bearer <access-token>
Content-Type: application/json

{ "name": "CI key", "description": "Used by GitHub Actions" }

Key Format

sk_...

Older internal examples may show sx-, sx_live_, or sk-synapsex- placeholders. For current API-key auth, use the sk_... format accepted by the gateway and CLI.

POST /v1/auth/login
Content-Type: application/json

{ "email": "user@example.com", "password": "..." }

Response shape depends on the auth service, but includes an access token and usually a refresh token:

{
  "access_token": "eyJ...",
  "refresh_token": "eyJ...",
  "token_type": "bearer",
  "expires_in": 3600,
  "user": {
    "id": "user-123",
    "email": "user@example.com",
    "tenantId": "tenant-123"
  }
}

Headers

Header	Required	Description
`Authorization: Bearer <token>`	Yes, unless using `X-API-Key`	JWT session token or API key
`X-API-Key: sk_...`	Yes, unless using bearer auth	API-key auth alternative
`X-Tenant-Id`	SDK-dependent	Tenant scoping header used by SDK clients

Plan Limits

Plan	API Keys	API Calls/month
Free	2	1,000
Pro	10	50,000
Team	Unlimited	Unlimited
Enterprise	Unlimited	Custom

Token Validation

Gateway services validate bearer tokens with the auth service. Public clients should not call internal validation endpoints directly. Use GET /v1/auth/me to verify the active token:

curl https://api.synapsex.ai/v1/auth/me \
  -H "Authorization: Bearer eyJ..."

​Authentication

​API Keys

​Get an API Key

​Key Format

​Login Tokens

​Headers

​Plan Limits

​Token Validation