Authentication

API Keys

Authenticate your application with Contensa.ai using API keys. Every request to the API must include a valid API key.

Getting Your API Key

1

Open your project

Go to your Contensa.ai dashboard and select the project you want to connect to.

2

Find the API Keys card

On the project dashboard home page, locate the "API Keys" card. If you already have a key, it shows the key prefix with a green dot. If not, it shows a "Generate Key" button.

3

Click "Manage Keys" or "Generate Key"

Click the button to open the API key modal. If generating for the first time, choose a name and plan then confirm.

4

Reveal and copy the full key

In the modal, click the eye icon next to the key field to reveal the full API key, then click the copy icon to copy it.

5

Store it securely

Paste it into your environment variables (.env.local). The full key is only temporarily retrievable — once the session window closes it cannot be shown again, so save it now.

Key Types

Read-Only Key

Recommended for frontend

Can only fetch published content. Safe to use in client-side code and public repositories. Use this for your website or app frontend.

Read-Write Key

Server-side only

Can read and write content. Never expose this in client-side code. Use only in server-side environments, CI/CD pipelines, or backend services.

Using Your API Key

Pass your API key when initializing the SDK:

import { MybeSDK } from '@mybe/sdk';

const sdk = new MybeSDK({
  apiKey: process.env.CONTENSA_API_KEY // Always use env vars
});

Or pass it directly in the Authorization header for raw HTTP requests:

curl https://api.mybe.app/api/v1/projects \
  -H "X-API-Key: your-api-key-here"

Storing Keys Securely

Never hardcode API keys in your source code. Use environment variables:

# .env.local (Next.js)
CONTENSA_API_KEY=your-read-only-key-here

# For server-side only (not exposed to browser)
CONTENSA_WRITE_API_KEY=your-read-write-key-here
// next.config.ts — expose read-only key to browser if needed
const nextConfig = {
  env: {
    NEXT_PUBLIC_CONTENSA_API_KEY: process.env.CONTENSA_API_KEY,
  },
};

Security Best Practices

Never commit API keys to version control (add .env to .gitignore)

Use read-only keys for all public-facing applications

Rotate keys immediately if you suspect they have been compromised

Create separate keys for each environment (dev, staging, production)

Use your hosting platform's secret management (Vercel, Netlify, AWS Secrets Manager)

Rate Limits

API requests are rate-limited per API key based on your plan:

PlanRequests / minuteRequests / month
Free Trial6010,000
Starter120100,000
Pro3001,000,000
EnterpriseCustomUnlimited

When you exceed the rate limit, the API returns a 429 Too Many Requests response. Implement exponential backoff in your retry logic.