Authentication
The Setu API authenticates requests with a bearer token. Every request must include your API key in the Authorization header.
bash
Authorization: Bearer sk-setu-...Creating keys
Create keys from Dashboard → API Keys. When you create a key you can:
- Scope it to products — a key can be restricted to specific models (e.g. only
sutra). - Set a rate limit — requests per minute for the key.
The full key is displayed only once at creation. We store only a SHA-256 hash, so we can never show it again — keep it safe.
Security best practices
- Never expose keys in client-side code or public repositories.
- Use separate keys per environment (dev, staging, production).
- Revoke keys immediately if they may have leaked.
- Set the narrowest product scope each key needs.
Errors
Missing, malformed, revoked or expired keys return a 401 Unauthorized. Keys without permission for the requested model return 403 Forbidden. See Errors for details.