Authentication

Pinecall uses API keys to authenticate requests. All API requests must include your API key in the Authorization header.

Getting Your API Key

To get your API key, follow these steps:

Log in to your Pinecall account at dashboard.pinecall.ai
Navigate to the Settings page
Select the "API Keys" tab
Click "Create New API Key"
Name your API key for your reference (e.g., "Development", "Production")
Copy the generated API key immediately — you won't be able to see it again

Security Warning

Keep your API keys secure and never share them in publicly accessible areas such as GitHub, client-side code, or public forums. Your API keys carry many privileges, so be careful with them.

Using Your API Key

When using the Pinecall SDK, you can provide your API key during initialization:

sdk-auth.js

import { Pinecall } from '@pinecall/sdk';

// Initialize with API key
const pinecall = new Pinecall({
  apiKey: process.env.PINECALL_API_KEY
});

If you're making direct API requests, include your API key in the Authorization header:

api-request.js

// Using fetch
fetch('https://api.pinecall.io/v1/agents', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${process.env.PINECALL_API_KEY}`,
    'Content-Type': 'application/json'
  }
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

// Using axios
import axios from 'axios';

axios.get('https://api.pinecall.io/v1/agents', {
  headers: {
    'Authorization': `Bearer ${process.env.PINECALL_API_KEY}`
  }
})
.then(response => console.log(response.data))
.catch(error => console.error('Error:', error));

API Key Security Best Practices

Use Environment Variables

Store your API keys in environment variables, not in your code. This prevents accidental exposure of your keys when sharing code or pushing to repositories.

.env

PINECALL_API_KEY=your_api_key_here

Restrict API Key Access

Create separate API keys for different environments (development, testing, production) and restrict each key's permissions to only what is necessary.

Rotate API Keys Regularly

Periodically rotate your API keys to limit the damage from potential exposure. Set a reminder to create new keys and retire old ones.

Use Secrets Management

In production environments, use a secrets management service like AWS Secrets Manager, HashiCorp Vault, or environment variable management through your hosting platform.

Authentication Errors

If you encounter authentication errors, check the following:

Error	HTTP Status	Solution
Invalid API Key	401	Check if the API key is correct and properly formatted
Missing API Key	401	Ensure the Authorization header is included in your request
Expired API Key	401	Generate a new API key if your current one has expired
Insufficient Permissions	403	Your API key doesn't have permission for the requested action
Rate Limit Exceeded	429	You've made too many requests. Implement backoff or contact support to increase limits

Next Steps

Now that you understand authentication, you can:

Install the Pinecall SDK and start building
Learn about API rate limits and quotas
Explore webhooks authentication for secure event handling