TreeScale App has a standard way to authenticate API Requests using API Key generated during app creation or manually regenerated by the user from our platform.

Currently, the only way to store that TreeScale App API Key is in your project’s backend because it is essentially a secret key to access your TreeScale App and execute given AI Prompts with API Endpoints. In the upcoming releases, it is also planned to authenticate over the browser’s cookies or within your authentication system. Still, you can keep our API Key as a secret environment variable for your backend application.

API Request with the API Key

Sending an HTTP POST request with an API Key should be done by providing an Authorization header, and here, you have to give a Bearer token to pass the TreeScale App Authentication flow.

Example request with API Key

Authorization: Bearer pk_ec894b918901c68f84dbf7fbfc61506b301da6aaf86a91264723ab5901b887fd

   "params": { "country": "USA" }

It is recommended to have a definition of a generic HTTP client, which will add that header whenever you make a request to the TreeScale app.

If the API Key is wrong, or it is not matching to the application subdomain name, then API will either return 401 or 404 status codes.

We are making sure that the API Key is unique across all applications, and it is not tied to the application name, so that you can always rename your application and keep the same key.

Please don’t commit your API Key to the Git repository!

API Key Generation

TreeScale App secret key is generated randomly with a various hashing algorithms, making sure that it is unique across all our applications. This gives a possibility to regenerate your key and disable access for the old key, that might for some reason leaked to the public or lost.

In the future, it is planned to make API Key generation more flexible, so that you would be able to plug your own Authentication process/workflow to the TreeScale App Authentication and make requests directly to TreeScale App from your UI.