Authentication

The OliAI Public API uses API key authentication. Every request must include your API key in the x-api-key request header.

Obtaining an API Key

API keys are created through the OliAI dashboard by Admins and Super Admins. See the step-by-step guide for instructions.

Using Your API Key

Include the key in every request:

GET /v1/contacts HTTP/1.1
Host: api.oliai.in
x-api-key: sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Or with cURL:

curl https://api.oliai.in/v1/contacts \
  -H "x-api-key: sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"

Key Format

All API keys have the prefix sk_live_ followed by a 32-character random string:

sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

⚠️

Never expose your API key in client-side code, public repositories, or logs. Treat it like a password.

Authentication Errors

Scenario	HTTP Status	Message
Missing header	`401`	`API key is required`
Invalid key	`401`	`Invalid API key`
Revoked key	`401`	`API key has been revoked`
Expired key	`401`	`API key has expired`

Organization Scoping

API keys are scoped to a single organization. All resources created or queried through an API key belong to that organization — you cannot access or modify another organization's data.

Key Lifecycle

Keys remain active until revoked or expired (if an expiry date was set)
Revocation takes effect immediately
There is no automatic renewal — create a new key before the old one expires
The lastUsedAt timestamp is updated on every successful request

Best Practices

# Store in environment variable — never hardcode
export OLIAI_API_KEY="sk_live_your_key_here"
 
# Production
curl https://api.oliai.in/v1/contacts \
  -H "x-api-key: $OLIAI_API_KEY"
 
# QA / Staging
curl https://api.qa.oliai.in/v1/contacts \
  -H "x-api-key: $OLIAI_API_KEY"

Overview Contacts