All REALM AI API requests must be authenticated. We primarily use API Key authentication, with optional signature-based authentication for sensitive operations.
Base URL
https://api.realm.ai/v1
Authentication Methods
1. API Key Authentication (Standard)
Include your API Key in the X-API-Key HTTP header for all requests.
Example:
GET /v1/user/profile HTTP/1.1Host:api.realm.aiX-API-Key:YOUR_API_KEY
2. Signature Authentication (Enhanced Security)
For sensitive endpoints (e.g., initiating marketplace transactions, modifying critical settings), an additional signature is required.
Construct the String to Sign: Concatenate the following, separated by newlines ():
HTTP Method (e.g., POST)
Request Path (e.g., /v1/marketplace/listings)
Timestamp (Unix timestamp in seconds, included as X-Timestamp header)
Request Body (if present, otherwise empty string)
Generate Signature: Create an HMAC-SHA256 hash of the string using your API Secret as the key. Encode the hash in Base64.
Include Headers: Add the following headers to your request:
X-API-Key: Your API Key
X-Timestamp: The Unix timestamp used in step 1.
X-Signature: The Base64 encoded HMAC-SHA256 signature from step 2.
Example (Conceptual Python):
Endpoints requiring signature authentication will be clearly marked in their respective documentation sections.
Error Handling
401 Unauthorized: Missing or invalid X-API-Key.
403 Forbidden: Invalid signature or timestamp for endpoints requiring signature authentication.
Ensure your server clock is synchronized with NTP for accurate timestamps.
