Authentication

API key authentication, token management, and security best practices.

Overview

Conjure uses API key authentication to secure access to the platform. API keys are tied to your user account and subscription tier, enabling premium feature access and usage tracking.

Security First:

API keys are shown only once during creation. Store them securely and never commit them to version control or share them publicly.

Getting an API Key

1. Sign Up

Create an account at conjure.lautrek.com/signup. Start with the free tier (500 operations/month) with no credit card required.

2. Retrieve Your API Key

Your API key is displayed immediately after signup. Copy it to a secure location.

Example API Key

conjure_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Important: API keys are not recoverable. If you lose your key, you must generate a new one from your account dashboard.

Using API Keys

HTTP Header Authentication

Include your API key in the X-API-Key header for all authenticated requests:

cURL Example

curl -H "X-API-Key: conjure_live_your_api_key" \
  https://conjure.lautrek.com/api/v1/auth/user

Python Example

import requests

headers = {
    "X-API-Key": "conjure_live_your_api_key",
    "Content-Type": "application/json"
}

response = requests.get(
    "https://conjure.lautrek.com/api/v1/auth/user",
    headers=headers
)

print(response.json())

JavaScript Example

const response = await fetch(
  "https://conjure.lautrek.com/api/v1/auth/user",
  {
    headers: {
      "X-API-Key": "conjure_live_your_api_key",
      "Content-Type": "application/json"
    }
  }
);

const data = await response.json();
console.log(data);

WebSocket Authentication

For WebSocket connections, provide the API key as a query parameter or in the Authorization header:

Query Parameter

wss://conjure.lautrek.com/api/v1/adapter/ws?api_key=conjure_live_your_api_key

Authorization Header (Preferred)

const ws = new WebSocket(
  "wss://conjure.lautrek.com/api/v1/adapter/ws",
  {
    headers: {
      "Authorization": "Bearer conjure_live_your_api_key"
    }
  }
);

Subscription Tiers

Your API key is tied to your subscription tier, which determines feature access:

Free

500 operations/month. Full access to all CAD operations.

Maker

3,000 operations/month. For hobbyists and makers.

Pro

20,000 operations/month. Cloud libraries and priority support.

Team

50,000 operations/month. Up to 10 team members.

Free Tier Available: Start with 500 free operations per month. No credit card required.
View Pricing

Managing API Keys

Rotating Keys

Regularly rotate your API keys for security. Generate a new key from your dashboard and update your applications before revoking the old key.

  1. Generate new API key from dashboard
  2. Update all applications with new key
  3. Test that new key works
  4. Revoke old API key

Revoking Keys

If your API key is compromised, revoke it immediately from your account dashboard. All requests using that key will be rejected immediately.

Emergency: If you suspect your key has been compromised, revoke it immediately and generate a new one. Contact [email protected] if you need assistance.

Security Best Practices

1. Never Commit API Keys

Don't commit API keys to version control. Use environment variables or secret managers. 

# .env file (add to .gitignore)
CONJURE_API_KEY=conjure_live_your_api_key

# Load in code
import os
api_key = os.getenv("CONJURE_API_KEY")

2. Use Environment Variables

Store API keys in environment variables, not in source code. This makes it easy to rotate keys and prevents accidental exposure.

3. Restrict API Key Scope

Use separate API keys for different environments (development, staging, production). This limits the impact if a key is compromised.

4. Monitor Usage

Regularly check your usage dashboard for unexpected activity. Set up alerts for unusual patterns that might indicate key compromise.

5. Rotate Keys Regularly

Rotate API keys every 90 days as a security best practice, even if they haven't been compromised.

6. Use HTTPS Only

Always use HTTPS (not HTTP) when making API requests. The Conjure API only accepts HTTPS connections to protect your API key in transit.

Authentication Errors

401

Unauthorized

Missing or invalid API key.

{
  "error": "Missing or invalid API key",
  "status_code": 401
}
403

Forbidden

Valid API key but insufficient permissions for the requested resource.

{
  "error": "Cloud libraries are a premium feature",
  "status_code": 403
}

Example: Secure Key Storage

Python with python-dotenv

# .env file (add to .gitignore)
CONJURE_API_KEY=conjure_live_your_api_key

# main.py
import os
from dotenv import load_dotenv
import requests

# Load environment variables
load_dotenv()

# Get API key from environment
api_key = os.getenv("CONJURE_API_KEY")

# Use in requests
response = requests.get(
    "https://conjure.lautrek.com/api/v1/auth/user",
    headers={"X-API-Key": api_key}
)

print(response.json())

Node.js with dotenv

// .env file (add to .gitignore)
// CONJURE_API_KEY=conjure_live_your_api_key

// index.js
require('dotenv').config();

const apiKey = process.env.CONJURE_API_KEY;

const response = await fetch(
  "https://conjure.lautrek.com/api/v1/auth/user",
  {
    headers: {
      "X-API-Key": apiKey
    }
  }
);

const data = await response.json();
console.log(data);

Next Steps

Get an API Key Sign up for free REST API Explore the API Quick Start Get started in 5 minutes