Authentication

Authentication API

All REALM AI API requests must be authenticated. We primarily use API Key authentication, with optional signature-based authentication for sensitive operations.

Base URL

https://api.realm.ai/v1

Authentication Methods

1. API Key Authentication (Standard)

Include your API Key in the X-API-Key HTTP header for all requests.

Example:

GET /v1/user/profile HTTP/1.1
Host: api.realm.ai
X-API-Key: YOUR_API_KEY

2. Signature Authentication (Enhanced Security)

For sensitive endpoints (e.g., initiating marketplace transactions, modifying critical settings), an additional signature is required.

  1. Construct the String to Sign: Concatenate the following, separated by newlines ():

    • HTTP Method (e.g., POST)

    • Request Path (e.g., /v1/marketplace/listings)

    • Timestamp (Unix timestamp in seconds, included as X-Timestamp header)

    • Request Body (if present, otherwise empty string)

  2. Generate Signature: Create an HMAC-SHA256 hash of the string using your API Secret as the key. Encode the hash in Base64.

  3. Include Headers: Add the following headers to your request:

    • X-API-Key: Your API Key

    • X-Timestamp: The Unix timestamp used in step 1.

    • X-Signature: The Base64 encoded HMAC-SHA256 signature from step 2.

Example (Conceptual Python):

Endpoints requiring signature authentication will be clearly marked in their respective documentation sections.

Error Handling

  • 401 Unauthorized: Missing or invalid X-API-Key.

  • 403 Forbidden: Invalid signature or timestamp for endpoints requiring signature authentication.

Ensure your server clock is synchronized with NTP for accurate timestamps.

PreviousVideo GenerationNextCreate or Edit Model

Last updated