Authentication
The QuantSearch API uses API keys for authentication. API access is available on Pro and Enterprise plans.
Getting API Keys
- Go to your Dashboard → API Keys
- Click Create API Key
- Give it a name (e.g., "Production", "Staging")
- Copy the key immediately - it won't be shown again
Security Warning
Never expose API keys in client-side code. Use them only in server-side applications.
Using API Keys
Include your API key in the Authorization header:
Authorization: Bearer qs_live_abc123def456...Example request:
curl https://www.quantsearch.ai/api/sites \
-H "Authorization: Bearer qs_live_abc123def456..."Key Prefixes
| Prefix | Environment |
|---|---|
qs_live_ | Production keys |
qs_test_ | Test/staging keys |
Key Permissions
API keys have full access to your organization's resources:
- Create, read, update, delete sites
- Start and manage crawl jobs
- Ingest and delete content
- Query search and chat APIs
Revoking Keys
If a key is compromised:
- Go to Dashboard → API Keys
- Find the key and click Revoke
- Create a new key and update your applications
Revoked keys are rejected immediately.
Error Responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Key doesn't have access to this resource |
Best Practices
- Use environment variables for API keys, never hardcode them
- Use separate keys for production and staging
- Rotate keys periodically
- Monitor API usage in your dashboard