Skip to main content

Authentication Overview

Steer AI uses API key-based authentication with Bearer tokens. All API requests must include a valid API key in the Authorization header.

Getting API Keys

Development Keys

  1. Sign up for a free account at dashboard.steerai.autos
  2. Navigate to SettingsAPI Keys
  3. Click Generate Development Key
  4. Copy and securely store your key

Production Keys

  1. Upgrade to a paid plan
  2. Navigate to SettingsAPI Keys
  3. Click Generate Production Key
  4. Copy and securely store your key

Authentication Methods

curl -X GET "https://api.steerai.autos/v1/inspections" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

curl -X GET "https://api.steerai.autos/v1/inspections?api_key=YOUR_API_KEY"
Security Warning: Query parameter authentication exposes your API key in server logs and browser history. Use header authentication in production.

SDK Authentication

Python

from steer_ai import SteerAI
import os

# Using environment variable (recommended)
client = SteerAI(api_key=os.getenv("STEER_AI_API_KEY"))

# Direct assignment (not recommended for production)
client = SteerAI(api_key="your_api_key_here")

JavaScript/Node.js

import { SteerAI } from '@steerai/sdk';

// Using environment variable
const client = new SteerAI({
  apiKey: process.env.STEER_AI_API_KEY
});

// Using config object
const client = new SteerAI({
  apiKey: 'your_api_key_here',
  environment: 'production' // or 'sandbox'
});

Environment Configuration

Environment Variables

# .env file
STEER_AI_API_KEY=your_api_key_here
STEER_AI_BASE_URL=https://api.steerai.autos/v1
STEER_AI_ENVIRONMENT=production

Multiple Environment Setup

# Development
STEER_AI_DEV_API_KEY=dev_1234567890abcdef
STEER_AI_DEV_BASE_URL=https://api-sandbox.steerai.autos/v1

# Production
STEER_AI_PROD_API_KEY=prod_abcdef1234567890
STEER_AI_PROD_BASE_URL=https://api.steerai.autos/v1

Testing Authentication

Quick Test Endpoint

curl -X GET "https://api.steerai.autos/v1/auth/test" \
  -H "Authorization: Bearer YOUR_API_KEY"
Successful Response: 
{
  "status": "success",
  "data": {
    "authenticated": true,
    "account_id": "acc_1234567890",
    "plan": "professional",
    "permissions": ["inspections:read", "inspections:write"]
  }
}

Account Information

curl -X GET "https://api.steerai.autos/v1/account" \
  -H "Authorization: Bearer YOUR_API_KEY"

Security Best Practices

• Store keys in environment variables, never in code • Use different keys for development and production • Rotate keys every 90 days • Revoke compromised keys immediately • Use key prefixes to identify environments (dev_, prod_)
• Always use HTTPS for API requests • Validate SSL certificates • Implement IP whitelisting when possible • Use VPN or private networks for sensitive operations
• Limit API key permissions to minimum required • Use separate keys for different applications • Monitor API usage for unusual patterns • Implement proper logging and alerting

Error Responses

Invalid API Key

{
  "status": "error",
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked",
    "type": "authentication_error"
  }
}

Missing API Key

{
  "status": "error",
  "error": {
    "code": "MISSING_API_KEY",
    "message": "API key is required for this endpoint",
    "type": "authentication_error"
  }
}

Insufficient Permissions

{
  "status": "error",
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Your API key does not have permission to access this resource",
    "type": "authorization_error"
  }
}

Troubleshooting

Common Issues

Causes: • Invalid or expired API key • Missing Authorization header • Incorrect header formatSolutions: • Verify API key is correct • Check header format: Authorization: Bearer YOUR_KEY • Regenerate API key if needed
Causes: • API key lacks required permissions • Account plan limitations • Suspended accountSolutions: • Check API key permissions • Upgrade plan if needed • Contact support for account issues
Causes: • Network connectivity problems • Firewall blocking requests • SSL certificate issuesSolutions: • Test network connectivity • Check firewall settings • Verify SSL certificate validation

Rate Limiting

Authenticated requests are subject to rate limits based on your plan:
PlanRequests/HourConcurrent
Free1,0005
Starter10,00020
Professional100,000100
EnterpriseUnlimitedCustom

Need Help?

If you’re having authentication issues:
Security Note: Never share your API keys in support requests, code repositories, or public forums. Our support team will never ask for your API keys.