The Klara API uses API keys for authentication. Each key is scoped to your organization and can be managed from your dashboard.
Sandbox vs Production: API keys are environment-specific. Generate sandbox keys from sandbox.klara-ai.com and production keys from app.klara-ai.com. Keys from one environment do not work in the other. klara_{client_id}.{secret}
| Component | Description |
|---|
klara_ | Fixed prefix identifying Klara API keys |
client_id | 24-character hex identifier |
secret | 32-character base64url-encoded secret |
Using your API key
Include your API key in the Authorization header of every request:
Authorization: Bearer klara_abc123def456789012345678.ABCDEFghijklmnop1234567890QRSTUV
Never expose your API key in client-side code, public repositories, or logs.
Managing API keys
Creating a key
- Go to Settings → Integrations → API Keys in your Klara dashboard
- Click Create API Key
- Enter a descriptive name
- Copy the full key immediately—the secret is only shown once
Revoking a key
- Go to Settings → Integrations → API Keys
- Find the key you want to revoke
- Click Revoke and confirm
Revoked keys stop working immediately.
Scopes
API keys are created with scopes that determine what actions they can perform:
| Scope | Description |
|---|
rfi:create | Create new RFI requests |
rfi:read | Read RFI request status |
Error responses
Authentication failures return a 401 Unauthorized response:
{
"error": "unauthorized",
"message": "Invalid or expired API key"
}
