Skip to content

Users + Authentication

Introduction

StartKit.AI is designed to work either with the ability for you to allow users to sign-up and use your AI services, or as a standalone app that you can query with a single admin utility user.

Users

Each request to the API is authenticated against a users’ license key using a Bearer token.

Terminal window
curl --request POST \
--url "http://localhost:1337/api/chat" \
--header "Authorization: Bearer sk_test_fe638159-7d7a-4f75-b80d-eb5d270887a2" \
--header "Content-Type: application/json" \
--data '{
"text": "What's the name of the actor who plays Commander Data in Star Trek TNG?"
}'

Creating a User

Users can be created manually via the Admin Dashboard, automatically as a result of Stripe Webhooks, or via the Users API with a sign-up form.

When a user is created they are applied a usage-limit, that means that they can only make a predefined number of API requests.

Usage limits can be defined by matching them with Stripe Plans, or Plan Ids. This can be set in the plans.yml config file.

Admin User

If you want to make your own requests to the API then you can use an Admin User instead, which will ignore usage and rate-limits.

When you run through the setup of StartKit.AI you will be given an Admin license key that you can use to make requests.

If you need this key again, it’s also shown in the Settings section of the Admin Dashboard.

Users providing their own OpenAI API Key

If you want, you can allow users to provide their own OpenAI API key with each request.

When making a request to the API include the X-OPENAI-KEY header, as well as the Bearer token.

Terminal window
curl --request POST \
--url "http://localhost:1337/api/chat" \
--header "Authorization: Bearer sk_test_fe638159-7d7a-4f75-b80d-eb5d270887a2" \
--header "X-OPENAI-KEY: sk_fe68f1f9-7dya-4f45-a8od-fb5d200887a2" \
--header "Content-Type: application/json" \
--data '{
"text": "What's the name of the actor who plays Commander Data in Star Trek TNG?"
}'

If you want the user to only be able to use their own API Key then set the property requiresApiKey: true on their LicenseKey record. Otherwise if not provided your set one will be used from the .env file.