API

Copy page
View as Markdown Open the public raw markdown route

Authentication

How public Auk integrations should authenticate, separate environments, and handle operator credentials safely.

Public Auk integrations authenticate against the canonical Auk product base at https://api.parametrig.com/auk/v1.

Current Posture

  • programmatic integrations should use API keys
  • browser operators should use the console over the same backend
  • live and sandbox remain distinct operational environments
  • the console is not a separate auth authority

Integration Expectations

  • issue a key for the environment you are working in
  • send it on every authenticated API request
  • treat the key as workspace-scoped operator infrastructure, not end-user identity
  • rotate or revoke the key when access posture changes

API Key Handling

Every currently published Auk endpoint expects an operator-scoped API key.

That means the API tab can use this section as the stable anchor for any contextual note about authentication, even when the endpoint family being highlighted lives on another concept page.

Environment Split

The launch posture is environment-aware:

  • sandbox for simulation, rehearsal, and non-final integration work
  • live for real operator traffic once the relevant controls are ready

That environment split should stay visible in both the console and API tooling.

Illustrative Request

curl https://api.parametrig.com/auk/v1/quotes \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"product":"flight_delay","context":{"partner":"demo"}}'

Boundary Rule

Authentication docs should stay focused on the public contract:

  • how to authenticate
  • which environment you are targeting
  • what support path to use if access breaks

They should not leak private control-plane or internal trust logic that is not part of the durable external contract.