Authentication
Learn how to authenticate with Super Agent Stack API.
Overview
Super Agent Stack uses two API keys for authentication:
- OpenRouter API Key - For accessing AI models
- Super Agent Key - For accessing memory and RAG features
Getting Your API Keys
1. OpenRouter API Key
- Visit openrouter.ai
- Sign up or log in to your account
- Navigate to the API Keys section
- Click "Create API Key"
- Copy your key (starts with
sk-or-v1-)
2. Super Agent Key
- Sign up at Super Agent Stack
- Go to your dashboard
- Navigate to API Keys section
- Click "Generate New Key"
- Copy your key (starts with
sk_live_)
Using API Keys
TypeScript/JavaScript
client.ts
import OpenAI from 'openai';
const client = new OpenAI({
baseURL: 'https://superagentstack.orionixtech.com/api/v1',
apiKey: process.env.OPENROUTER_KEY, // OpenRouter key
defaultHeaders: {
'superAgentKey': process.env.SUPER_AGENT_KEY, // Super Agent key
},
});Python
client.py
from openai import OpenAI
import os
client = OpenAI(
base_url="https://superagentstack.orionixtech.com/api/v1",
api_key=os.environ.get("OPENROUTER_KEY"), # OpenRouter key
default_headers={
"superAgentKey": os.environ.get("SUPER_AGENT_KEY"), # Super Agent key
}
)Environment Variables
Store your API keys in environment variables for security:
Create .env File
.env
OPENROUTER_KEY=sk-or-v1-your-openrouter-key-here
SUPER_AGENT_KEY=sk_live_your-super-agent-key-hereLoad Environment Variables
Node.js
// Using dotenv
import 'dotenv/config';
// Or manually
import dotenv from 'dotenv';
dotenv.config();Python
# Using python-dotenv
from dotenv import load_dotenv
load_dotenv()
# Or manually
import os
os.environ['OPENROUTER_KEY'] = 'your-key'Security
Never commit your
.env file to version control. Add it to .gitignore:.gitignore
.env
.env.local
.env.productionTesting Authentication
test-auth.ts
import OpenAI from 'openai';
const client = new OpenAI({
baseURL: 'https://superagentstack.orionixtech.com/api/v1',
apiKey: process.env.OPENROUTER_KEY!,
defaultHeaders: {
'superAgentKey': process.env.SUPER_AGENT_KEY!,
},
});
async function testAuth() {
try {
const completion = await client.chat.completions.create({
model: 'anthropic/claude-3-sonnet',
messages: [{ role: 'user', content: 'Hello!' }],
});
console.log('✅ Authentication successful!');
console.log('Response:', completion.choices[0].message.content);
} catch (error: any) {
if (error.status === 401) {
console.error('❌ Authentication failed - check your API keys');
} else {
console.error('❌ Error:', error.message);
}
}
}
testAuth();Key Management
Rotating Keys
Regularly rotate your API keys for security:
- Generate a new key in the dashboard
- Update your environment variables
- Deploy the changes
- Verify the new key works
- Revoke the old key
Revoking Keys
If a key is compromised, revoke it immediately:
- Go to your dashboard
- Find the compromised key
- Click "Revoke"
- Generate a new key
- Update your application
Production Best Practices
- Use environment variables: Never hardcode API keys
- Separate keys per environment: Use different keys for dev, staging, and production
- Rotate keys regularly: Change keys every 90 days
- Monitor usage: Track API calls to detect unauthorized access
- Use secret management: AWS Secrets Manager, Azure Key Vault, etc.
- Restrict key permissions: Use read-only keys where possible
Troubleshooting
401 Unauthorized
Check that both API keys are correct and not expired. Verify they're being sent in the correct headers.
Invalid API Key Format
OpenRouter keys start with sk-or-v1- and Super Agent keys start with sk_live_
Environment Variables Not Loading
Make sure you're loading the .env file before accessing environment variables. Check the file path and variable names.