Home / API Reference / Authentication

Authentication

The 7en API uses API key authentication. Keys grant read and write access across all available APIs in your workspace. You can create and maintain multiple active keys simultaneously to support seamless rotation.

Generate an API Key

Log in to the 7en Dashboard
Navigate to Settings → API Keys
Click Create API Key
Then copy and store it securely

Attention

Your API key is displayed once at creation. If you lose access to it, you will need to create a new one. Keep your key secret — it grants full access to your workspace.

Refresh an API Key

If your API key is compromised or you need to rotate it, you can refresh it. A new key will be generated and the old key will be invalidated.

Click refresh button in the Actions column.
Set expiration and refresh the API Key

Delete an API Key

If your API key is compromised or you need to revoke it, you can delete it. A new key will be generated and the old key will be invalidated.

Click delete button in the Actions column.
Confirm deletion

Authenticate your requests

To authenticate your requests, you have to send your API key in the Authorization header in all requests to the API. Without it, your requests will fail.

Request Header

Authorization

api keyrequired

Your 7en API key. Example: Api-Key 43NKLN3LKN4nlkn

Example of request

bash

curl --location '{base_url}/api/v1/agents/' \
--header 'Authorization: Api-Key {YOUR_API_KEY}'

Error Responses

Status	Description
`401`	The API key is required
`404`	API key expired
`403`	Invalid, or revoked API key
`429`	Rate limit exceeded
`500`	Server error

401

json

{
    "error": {
        "code": "missing_api_key",
        "message": "The API key is required.",
        "status": 401
    }
}

404

json

{
    "error": {
        "code": "api_key_expired",
        "message": "API key expired.",
        "status": 404
    }
}

403

json

{
    "error": {
        "code": "invalid_api_key",
        "message": "The provided API key is invalid or has been revoked.",
        "status": 403
    }
}

429

json

{
    "error": {
        "code": "rate_limit_exceeded",
        "message": "Rate limit exceeded: 500 requests per day.",
        "status": 429
    }
}

500

json

{
    "error": {
        "code": "server_error",
        "message": "Server error during API key check.",
        "status": 500
    }
}

Security Best Practices

Never hardcode keys in source code. Use environment variables or a secrets manager.
Rotate keys regularly — especially after any suspected exposure.
Limit key scope — use separate keys per environment (development, staging, production) so you can revoke one without affecting others.
Never expose keys client-side — do not include API keys in browser requests, public repositories, or .env files committed to version control.

Ready to transform your business?

Start building intelligent AI agents to engage with customers.

← Introduction

Quick Start →

Authentication

Generate an API Key

Log in to the 7en Dashboard
Navigate to Settings → API Keys
Click Create API Key
Then copy and store it securely

Attention

Your API key is displayed once at creation. If you lose access to it, you will need to create a new one. Keep your key secret — it grants full access to your workspace.

Refresh an API Key

If your API key is compromised or you need to rotate it, you can refresh it. A new key will be generated and the old key will be invalidated.

Click refresh button in the Actions column.
Set expiration and refresh the API Key

Delete an API Key

If your API key is compromised or you need to revoke it, you can delete it. A new key will be generated and the old key will be invalidated.

Click delete button in the Actions column.
Confirm deletion

Authenticate your requests

To authenticate your requests, you have to send your API key in the Authorization header in all requests to the API. Without it, your requests will fail.

Request Header

Authorization

api keyrequired

Your 7en API key. Example: Api-Key 43NKLN3LKN4nlkn

Example of request

bash

curl --location '{base_url}/api/v1/agents/' \
--header 'Authorization: Api-Key {YOUR_API_KEY}'

Error Responses

Status	Description
`401`	The API key is required
`404`	API key expired
`403`	Invalid, or revoked API key
`429`	Rate limit exceeded
`500`	Server error

401

json

{
    "error": {
        "code": "missing_api_key",
        "message": "The API key is required.",
        "status": 401
    }
}

404

json

{
    "error": {
        "code": "api_key_expired",
        "message": "API key expired.",
        "status": 404
    }
}

403

json

{
    "error": {
        "code": "invalid_api_key",
        "message": "The provided API key is invalid or has been revoked.",
        "status": 403
    }
}

429

json

{
    "error": {
        "code": "rate_limit_exceeded",
        "message": "Rate limit exceeded: 500 requests per day.",
        "status": 429
    }
}

500

json

{
    "error": {
        "code": "server_error",
        "message": "Server error during API key check.",
        "status": 500
    }
}

Security Best Practices

Never hardcode keys in source code. Use environment variables or a secrets manager.

Rotate keys regularly — especially after any suspected exposure.

Limit key scope — use separate keys per environment (development, staging, production) so you can revoke one without affecting others.

Never expose keys client-side — do not include API keys in browser requests, public repositories, or .env files committed to version control.