IsomeraDocs

API Version v1

api.isomera.ai/v1

Authentication

Learn how to authenticate with the Isomera API.

API Keys

The Widget API uses API keys for authentication. Each client organization receives a unique API key that identifies them and scopes access to their content.

Get your API keys in the Dashboard under Settings → API Keys.

Security: Never expose your API key in client-side code. Use environment variables and server-side proxies.

Include your API key in the X-API-Key header:

Example Request
curl -X POST https://api.isomera.ai/api/v1/widget/chat \
  -H "Content-Type: application/json" \
  -H "X-API-Key: wk_your_api_key_here" \
  -d '{"message": "What are the side effects?"}'

API Key Format

API keys follow a specific format:

  • wk_ prefix identifies it as a widget key
  • Followed by 43 characters of base64-encoded random data
  • Example: wk_your_api_key_here

Error Responses

401Invalid API Key
{
  "detail": "Invalid API key"
}
403Client Inactive
{
  "detail": "Client is inactive"
}

Admin Authentication

Admin endpoints (for managing clients, ingesting content, etc.) use JWT authentication. These endpoints are intended for internal use only and require a valid JWT token in the Authorization header.

Admin Request
curl -X GET https://api.isomera.ai/api/v1/widget/admin/clients \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."