SetuDocs

Authentication

The Setu API authenticates requests with a bearer token. Every request must include your API key in the Authorization header.

bash
Authorization: Bearer sk-setu-...

Creating keys

Create keys from Dashboard → API Keys. When you create a key you can:

  • Scope it to products — a key can be restricted to specific models (e.g. only sutra).
  • Set a rate limit — requests per minute for the key.

The full key is displayed only once at creation. We store only a SHA-256 hash, so we can never show it again — keep it safe.

Security best practices

  • Never expose keys in client-side code or public repositories.
  • Use separate keys per environment (dev, staging, production).
  • Revoke keys immediately if they may have leaked.
  • Set the narrowest product scope each key needs.

Errors

Missing, malformed, revoked or expired keys return a 401 Unauthorized. Keys without permission for the requested model return 403 Forbidden. See Errors for details.