Users + Authentication

Introduction

StartKit.AI is designed to work in either of two ways: as a service that users sign up to in order to use your AI features, or as a standalone app that you query with a single admin utility user.

Users

Each request to the API is authenticated against a user's license key, which is sent as a Bearer token.

Terminal window
# The apostrophe in the JSON body is written as '\'' so that it does not
# terminate the single-quoted --data argument.
curl --request POST \
  --url "http://localhost:1337/api/chat" \
  --header "Authorization: Bearer sk_test_fe638159-7d7a-4f75-b80d-eb5d270887a2" \
  --header "Content-Type: application/json" \
  --data '{
    "text": "What'\''s the name of the actor who plays Commander Data in Star Trek TNG?"
  }'

Creating a User

Users can be created manually via the Admin Dashboard, automatically as a result of Payment Webhooks, or via the Users API with a sign-up form.

When a user is created, a usage limit is applied to them, which means that they can only make a predefined number of API requests.

Usage limits can be defined by matching them with Payment Provider Plans, or Plan Ids. This can be set in the plans.yml config file.

Admin User

If you want to make your own requests to the API, you can use an Admin User instead, which will ignore usage limits and rate limits.

When you run through the setup of StartKit.AI you will be given an Admin license key that you can use to make requests.

If you need this key again, it’s also shown in the Settings section of the Example App.

Users providing their own OpenAI API Key

If you want, you can allow users to provide their own OpenAI API key with each request.

When making a request to the API, include the X-OPENAI-KEY header as well as the Bearer token.

Terminal window
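# X-OPENAI-KEY carries the user's own OpenAI key; the Bearer token is still the license key.
# The apostrophe in the JSON body is written as '\'' to keep the single-quoted argument intact.
curl --request POST \
  --url "http://localhost:1337/api/chat" \
  --header "Authorization: Bearer sk_test_fe638159-7d7a-4f75-b80d-eb5d270887a2" \
  --header "X-OPENAI-KEY: sk_fe68f1f9-7dya-4f45-a8od-fb5d200887a2" \
  --header "Content-Type: application/json" \
  --data '{
    "text": "What'\''s the name of the actor who plays Commander Data in Star Trek TNG?"
  }'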

If you want the user to be able to use only their own API key, set the property requiresApiKey: true on their LicenseKey record. Otherwise, if the user does not provide a key, the one you set in the .env file will be used.
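
The key-selection rule described above, as an added example that is not StartKit.AI's own code: a hypothetical authorize function checks the Bearer license key, applies the usage limit (skipped for admin users), and refuses to fall back to the server key when requiresApiKey is set. The record fields isAdmin, usageLimit and used, the serverOpenAiKey parameter, the sample keys and the HTTP status codes are assumptions.

```javascript
// Added illustration, not StartKit.AI source. Record fields other than
// requiresApiKey (isAdmin, usageLimit, used) are hypothetical names.
const licenseKeys = new Map([ // constructed sample records
  ['sk_test_user', { isAdmin: false, usageLimit: 2, used: 0, requiresApiKey: false }],
  ['sk_test_byok', { isAdmin: false, usageLimit: 2, used: 0, requiresApiKey: true }],
  ['sk_test_admin', { isAdmin: true, usageLimit: 0, used: 0, requiresApiKey: false }],
]);

// Show only a short prefix of a secret so logs never hold a usable key.
const redact = (key) => (key ? `${key.slice(0, 6)}...` : '(none)');

function authorize(headers, serverOpenAiKey) {
  // Node lower-cases incoming header names.
  const match = /^Bearer\s+(\S+)$/i.exec(headers['authorization'] || '');
  if (!match) return { status: 401, reason: 'missing or malformed Bearer token' };

  const record = licenseKeys.get(match[1]);
  if (!record) return { status: 401, reason: 'unknown license key' };

  // Admin users skip the usage limit; everyone else is counted.
  if (!record.isAdmin && record.used >= record.usageLimit) {
    return { status: 429, reason: 'usage limit reached' };
  }

  const userKey = (headers['x-openai-key'] || '').trim();
  // requiresApiKey: never fall back to the operator's key for this user.
  if (record.requiresApiKey && !userKey) {
    return { status: 403, reason: 'X-OPENAI-KEY header required' };
  }

  if (!record.isAdmin) record.used += 1;
  const openAiKey = userKey || serverOpenAiKey;
  return {
    status: 200,
    openAiKey,
    keySource: userKey ? 'user' : 'server',
    logLine: `license=${redact(match[1])} openai=${redact(openAiKey)}`,
  };
}

// A requiresApiKey user without the header is rejected, not served with the server key.
console.log(authorize({ authorization: 'Bearer sk_test_byok' }, 'sk_server_constructed'));
```

Rejected requests do not consume the user's quota in this sketch, and the log line carries only redacted prefixes of both keys.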