Authentication

The Avala API uses API keys for authentication. Include your API key in the X-Avala-Api-Key header with every request.

Creating API Keys

Log in to Mission Control
Click your profile → Settings
Navigate to Security & Identity → API Keys
Click Create API Key
Enter a name for the key (e.g., “Production Server”)
Optionally set an expiration date
Click Create
Copy and securely store the key

API keys are shown only once when created. Store them securely and never commit them to version control.

Using API Keys

Include the key in the X-Avala-Api-Key header:

cURL


curl https://server.avala.ai/api/v1/datasets/johndoe/list/ \
  -H "X-Avala-Api-Key: your-api-key"

Python


import requests
 
API_KEY = "your-api-key"
BASE_URL = "https://server.avala.ai/api/v1"
 
headers = {"X-Avala-Api-Key": API_KEY}
 
response = requests.get(f"{BASE_URL}/datasets/johndoe/list/", headers=headers)
datasets = response.json()

JavaScript


const API_KEY = 'your-api-key';
const BASE_URL = 'https://server.avala.ai/api/v1';
 
const response = await fetch(`${BASE_URL}/datasets/johndoe/list/`, {
  headers: {
    'X-Avala-Api-Key': API_KEY
  }
});
 
const datasets = await response.json();

Managing API Keys

List Keys

View all your API keys in Mission Control under Settings → API Keys.

Each key shows:

Name
Creation date
Expiration date (if set)
Last used date

Delete Keys

Go to Settings → API Keys
Find the key to delete
Click the delete icon
Confirm deletion

Deleting an API key immediately revokes access. Any applications using that key will stop working.

Key Expiration

API keys can have an optional expiration date:

Keys without expiration never expire
Expired keys return 401 Unauthorized
Set expiration for temporary or contractor access

Best Practices

Security

Never commit keys to version control
Use environment variables to store keys
Rotate keys periodically
Use separate keys for different environments (dev, staging, prod)

Environment Variables


# Set in your shell
export AVALA_API_KEY="your-api-key"


import os
 
API_KEY = os.environ.get("AVALA_API_KEY")

Key Rotation

Create a new API key
Update your applications to use the new key
Verify the new key works
Delete the old key

Error Responses

Invalid Key


{
  "detail": "Invalid API key."
}

HTTP Status: 401 Unauthorized

Expired Key


{
  "detail": "API key has expired."
}

HTTP Status: 401 Unauthorized

Missing Key


{
  "detail": "Authentication credentials were not provided."
}

HTTP Status: 401 Unauthorized

Next Steps

API Overview - Learn about available endpoints
Datasets API - Start working with data