Authentication
Authenticate with the Sazabi API using public and secret keys.
Sazabi uses API keys to authenticate requests. There are two types of keys, each designed for different use cases.
API key types
Public keys
Public keys are project-scoped and designed for data ingestion. Use them to send logs, events, and other telemetry data to Sazabi.
- Safe to expose in client-side code
- Scoped to a single project
- Can only write data, not read it
- Prefixed with pk_
Secret keys
Secret keys are organization-scoped and provide full API access. Use them for server-side operations like reading threads, managing settings, and accessing the full API.
- Keep secure and never expose in client code
- Scoped to the entire organization
- Full read and write access
- Prefixed with sk_
Secret keys provide full access to your organization's data. Never commit them to source control or expose them in client-side code.
Creating keys
You can create API keys through the dashboard or CLI.
Open API key settings
Navigate to Settings > API Keys in the Sazabi dashboard.
Create a new key
Click Create API key and select the key type:
- Public for log ingestion and client-side use
- Secret for server-side API access
Give your key a descriptive name (e.g., "Production logs" or "CI/CD pipeline").
Copy and store the key
Copy the key immediately and store it securely. You will not be able to see the full key again after closing the dialog.
Create a public key for log ingestion:
sazabi keys public-keys create --name "Production logs"
Create a secret key for API access:
sazabi keys secret-keys create --name "CI/CD pipeline"
The CLI will display the full key. Store it securely.
Using keys
Include your API key in the request header.
Public key header
For data ingestion endpoints (logs, events):
curl -X POST https://intake.sazabi.com/v1/logs \
-H "Content-Type: application/json" \
-H "x-sazabi-key: pk_live_your_public_key" \
-d '{"message": "Hello from Sazabi"}'
Secret key header
For API endpoints (threads, messages, settings):
curl https://api.sazabi.com/threads \
-H "x-sazabi-secret-key: sk_live_your_secret_key"
Key scopes
| Key Type | Scope | Use Cases |
|---|---|---|
| Public | Project | Log ingestion, event submission |
| Secret | Organization | Thread access, settings, admin API |
Rate limiting
The Sazabi API enforces rate limits to ensure fair usage and platform stability.
- Default limit: 1000 requests per minute
- Burst allowance: Short bursts above the limit are permitted
Rate limit information is included in response headers:
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests allowed per window |
| X-RateLimit-Remaining | Requests remaining in current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
When you exceed the rate limit, the API returns a 429 Too Many Requests response:
{
  "data": null,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many requests. Please retry after 60 seconds."
  }
}
If you need higher rate limits for your use case, contact support to discuss your requirements.
Best practices
Rotate keys regularly
Rotate your API keys periodically, especially secret keys. When rotating:
- Create a new key
- Update your applications to use the new key
- Verify the new key is working
- Delete the old key
Use environment variables
Store API keys in environment variables, never in code:
export SAZABI_PUBLIC_KEY="pk_live_..."
export SAZABI_SECRET_KEY="sk_live_..."
Never commit keys to git
Add your environment files to .gitignore:
.env
.env.local
.env.production
Use separate keys per environment
Create distinct keys for development, staging, and production. This limits the blast radius if a key is compromised.
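The .gitignore entries above only cover the listed environment files, so a check on the files being committed is a useful second layer. The following is an added example, not part of the Sazabi documentation or tooling: a shell function that reports lines containing a token shaped like a secret key (sk_ prefix) and ignores public keys (pk_). The function name and the assumed key character set and minimum length are illustrative assumptions; the page documents only the prefixes.

```bash
#!/usr/bin/env bash
# Added example: flag Sazabi secret keys (sk_ prefix) in files before commit.
# ASSUMPTION: after the prefix a key consists of at least 16 letters, digits
# or underscores. The page documents only the pk_/sk_ prefixes.
# The leading group stops identifiers such as "task_..." from matching.
SK_PATTERN='(^|[^A-Za-z0-9_])sk_[A-Za-z0-9_]{16,}'

# find_secret_keys FILE...
# Prints "file:line" for every line holding a secret-key-shaped token.
# The key value itself is never printed, so the output is safe in CI logs.
# Returns 1 if anything was found, 0 otherwise.
find_secret_keys() {
  local found=0 file hits line
  for file in "$@"; do
    [ -f "$file" ] || continue
    # -I skips binary files, -n prefixes line numbers, -E enables {16,}
    hits=$(grep -InE -- "$SK_PATTERN" "$file" | cut -d: -f1)
    for line in $hits; do
      printf '%s:%s\n' "$file" "$line"
      found=1
    done
  done
  return "$found"
}

# Stand-alone use: scan the paths given on the command line.
if [ "$#" -gt 0 ]; then
  find_secret_keys "$@"
fi
```

Call it from a pre-commit hook with the staged paths (for example the output of `git diff --cached --name-only`) and abort the commit on a non-zero return. Placeholders such as sk_live_... do not match, but a documentation sample like sk_live_your_secret_key does.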