Overview

APITHON uses Bearer token authentication to secure access to the API Gateway. All requests to the /v1/chat/completions endpoint must include a valid authentication token in the Authorization header.

Authentication Method

Bearer Token

The API uses a simple Bearer token authentication scheme. The default API key is configured in apithon.py:29:
API_KEY_GATEWAY = "UnHackerEnCapital"

Authentication Check

Authentication is validated in the apithon_gateway function (apithon.py:134-136):
auth_header = request.headers.get("Authorization")
if auth_header != f"Bearer {API_KEY_GATEWAY}":
    return jsonify({"error": "Unauthorized"}), 401
The API expects the Authorization header to contain the exact string Bearer {API_KEY_GATEWAY}.

How to Authenticate

Including the Token

Include the Bearer token in the Authorization header of your HTTP request:
Authorization: Bearer UnHackerEnCapital

Example Request

curl http://localhost:5000/v1/chat/completions \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer UnHackerEnCapital' \
  -d '{
    "messages": [
      {
        "role": "user",
        "content": "Hello, how are you?"
      }
    ]
  }'

Error Responses

401 Unauthorized

If authentication fails, the API returns a 401 Unauthorized status code with the following response:
{
  "error": "Unauthorized"
}
This error occurs when:
  • The Authorization header is missing
  • The Bearer token is incorrect
  • The header format is invalid
Because the check compares the whole header value exactly, always make sure the Authorization header contains "Bearer " (with the trailing space) followed by the correct API key.

Security Considerations

Production Security: The default API key UnHackerEnCapital is hardcoded in the source code and should NEVER be used in production environments.

Best Practices

  1. Change the Default Key: Modify the API_KEY_GATEWAY value in apithon.py:29 before deploying to production
  2. Use Environment Variables: Store the API key in environment variables instead of hardcoding it
  3. Use HTTPS: Always use HTTPS in production to encrypt the Bearer token in transit
  4. Rotate Keys Regularly: Implement a key rotation policy for enhanced security
  5. Restrict Network Access: Use firewall rules to limit which IPs can access the API
Instead of the hardcoded key, use environment variables:
import os
API_KEY_GATEWAY = os.getenv("APITHON_API_KEY", "UnHackerEnCapital")
Then set the environment variable before running:
export APITHON_API_KEY="your-secure-random-key-here"
python apithon.py
The authentication mechanism is intentionally simple for POC (Proof of Concept) purposes. For production use, consider implementing more robust authentication methods such as OAuth 2.0, JWT tokens, or API key management systems.
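The following is an added example, not code from the APITHON project: a hardened variant of the check quoted above that parses the Authorization header instead of comparing the whole string, compares the token in constant time with hmac.compare_digest, and fails closed when APITHON_API_KEY is unset (no fallback to the documented default). The function names are assumptions made for this example.

```python
import hmac
import os
from typing import Mapping, Optional, Tuple


def load_api_key(env: Mapping[str, str]) -> Optional[str]:
    """Read the gateway key from APITHON_API_KEY with no hardcoded fallback.

    Returning None (rather than a default such as "UnHackerEnCapital") makes a
    missing variable fail closed: every request is rejected until the key is set.
    """
    key = env.get("APITHON_API_KEY", "").strip()
    return key or None


def extract_bearer_token(auth_header: Optional[str]) -> Optional[str]:
    """Return the token from an 'Authorization: Bearer <token>' header, or None.

    The scheme name is matched case-insensitively (RFC 7235 defines it that
    way); a missing header, a different scheme or an empty token yields None.
    """
    if not auth_header:
        return None
    parts = auth_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def is_authorized(auth_header: Optional[str], expected_key: Optional[str]) -> bool:
    """Constant-time comparison of the presented token against the configured key.

    hmac.compare_digest does not exit early on the first mismatching byte, unlike
    the `!=` string comparison used by the original gateway check.
    """
    if expected_key is None:
        return False  # key not configured: fail closed
    token = extract_bearer_token(auth_header)
    if token is None:
        return False
    return hmac.compare_digest(token.encode("utf-8"), expected_key.encode("utf-8"))


def check_request(headers: Mapping[str, str], expected_key: Optional[str]) -> Optional[Tuple[dict, int]]:
    """Mirror the gateway's early return: (body, status) on failure, None when allowed."""
    if not is_authorized(headers.get("Authorization"), expected_key):
        return {"error": "Unauthorized"}, 401
    return None


if __name__ == "__main__":
    # Constructed request headers; the key is read from the real environment.
    print(check_request({"Authorization": "Bearer demo"}, load_api_key(os.environ)))
```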

Next Steps

API Endpoints

Explore available API endpoints

Quick Start

Get started with APITHON