Authentication
Every request to the Roset API must be authenticated. Roset supports two methods: API keys for server-side applications and bearer tokens for browser-based clients. Both are passed via the Authorization header.
API Keys
API keys are long-lived credentials designed for backend services, scripts, and CI/CD pipelines. All Roset API keys use the rsk_ prefix for easy identification.
Create an API Key
- Sign in to console.roset.dev.
- Go to Settings > API Keys.
- Click Create API Key and copy the key immediately.
Caution
API keys are shown only once at creation time. Store yours in an environment variable or a secrets manager. Never commit keys to version control.
Use an API Key
Set the environment variable in your shell or .env file:
bash
export ROSET_API_KEY=rsk_your_key_hereBearer Tokens
For browser applications using Clerk, Auth0, or another identity provider, pass a JWT as a bearer token. This is how the Roset console authenticates its requests:
bash
# Use the Bearer scheme with a JWT from your identity provider
curl https://api.roset.dev/v1/files \
-H "Authorization: Bearer eyJhbGc..."Choosing a Method
| Use case | Method |
|---|---|
| Backend services and scripts | API Key |
| CI/CD pipelines | API Key |
| Browser applications | Bearer Token |
| Mobile applications | Bearer Token |