Authentication

Secure authentication is a cornerstone of the Infuzu API. This page explains how to authenticate your requests, handle errors, and follow security best practices.

Authentication Methods

The Infuzu API supports three authentication methods. Only one method can be used per request – combining multiple methods will result in an error.

1. Infuzu-API-Key Header

curl -H "Infuzu-API-Key: your_api_key_here" ...

headers = {"Infuzu-API-Key": api_key}

2. X-Infuzu-API-Key Header

curl -H "X-Infuzu-API-Key: your_api_key_here" ...

headers = {"X-Infuzu-API-Key": api_key}

3. Bearer Token (Authorization Header)

curl -H "Authorization: Bearer your_api_key_here" ...

headers = {"Authorization": f"Bearer {api_key}"}

Important Notes:

Headers are case-sensitive.
The Bearer prefix in the Authorization header is required.
All API requests must use HTTPS.

Environment Variable Setup

For Python users, you can avoid hardcoding your API key by setting the INFUZU_API_KEY environment variable. The library will automatically detect it.

Example:

from infuzu import create_chat_completion

# No need to pass api_key parameter if environment variable is set
response = create_chat_completion(messages=[...])

Error Handling

Common Authentication Errors

HTTP Status	Error Code	Message
401	`missing_api_key`	No authentication headers provided
400	`multiple_api_keys`	Multiple authentication headers detected
401	`invalid_api_key`	Provided API key is invalid or revoked
401	`invalid_authorization_header`	Malformed Bearer token (missing prefix or invalid format)

Example Error Response:

{
  "errors": [
    {
      "code": "invalid_api_key",
      "message": "The provided API key is invalid"
    }
  ]
}

Security Best Practices

Never Hardcode API Keys
- Use environment variables or secure secret management systems
- Rotate keys regularly
Validate Inputs
if not api_key: raise ValueError("API key required")
Enable TLS 1.2+
- All Infuzu endpoints require HTTPS
- Verify certificates in production environments
Monitor Usage
- Set up alerts for suspicious activity via the usage dashboard

HIPAA Compliance

The Infuzu API meets all HIPAA security requirements:

Data Encryption: AES-256 for data at rest, TLS 1.2+ for data in transit
Access Controls: Role-based access with audit logs
BAAs Available: Contact support to request a Business Associate Agreement

Rate Limiting

Authentication headers also govern rate limits:

Organization Limits: View yours at Rate Limits Dashboard

Key Management

Manage your API keys through the Infuzu Dashboard:

Create/revoke keys
View usage per key

Troubleshooting

Problem: 401 Unauthorized despite valid key
Solution:

Verify no trailing spaces in key
Check system clock synchronization
Confirm HTTPS is used

Problem: 400 Bad Request with multiple headers
Solution:
Remove duplicate authentication headers from request

Need Help?
Contact Infuzu Support for immediate assistance.

Last modified: 25 February 2025