Application Development
Introducing the Personal API Key: Elevate Your Authentication Experience
Discover the power of the Personal API Key for effortless and secure account management with Vectara. Remember, it’s as private as your password – keep it confidential!
February 14 , 2024 by Nick Ma
Introduction
Vectara has offered OAuth 2.0 for securely accessing your account and API keys for query and index operations for some time. However, we’ve acknowledged two major pain points from our customers regarding OAuth 2.0. Firstly, many find OAuth to be cumbersome or confusing. Secondly, some of you use frameworks or integrations that do not support OAuth. Furthermore, we’ve identified challenges with our API keys for query and index operations. Customers have expressed the need for API keys that enable a wider range of capabilities akin to what they can achieve through our console. To address these challenges, we’re providing a new authentication option that goes beyond either of these.
Introducing Vectara Personal API Key
We’re excited to announce the launch of the Vectara Personal API Key. This new feature is a breakthrough in account management, providing a simpler and more user-friendly alternative to OAuth. We understand that for those who find OAuth incompatible or daunting, having a straightforward solution is crucial. Therefore, to cater to these needs, we offer different types of API keys that are simpler in nature.
The Personal API Key empowers you with a wide range of capabilities: a Personal API Key can do almost everything that you can do inside of the Vectara console.
A comprehensive list of API operations can be found in our API playground. But bear in mind that the Personal API Key grants you the exact same access as your user role does. Details on how to use Personal API keys can be found in the documentation.
This key streamlines numerous administrative tasks and significantly simplifies third-party integrations. Stay tuned for upcoming blogs with detailed integration guides.
Security Caution:
Treat your Personal API Key like a password. It’s unique to you and should never be disclosed publicly. Your security and privacy are paramount, and this key is a crucial part of that commitment. It’s important to note that while these new API keys offer ease of use, they are inherently less secure than OAuth. We urge users to exercise caution and ensure these keys are stored and handled securely. In the event that the Personal API Key is compromised or you suspect so, please regenerate the API key.
Use Personal API Keys
To effectively leverage your Personal API Key, it must be included in your API calls. This is achieved by inserting your Personal API Key into the “x-api-key” parameter within your API request, just like you’ve been using query and indexing API keys. Alongside this, you must also provide your “customer-id” to ensure proper processing of the operations. This combination of the Personal API Key and customer-id is essential for authenticating and executing your requests securely and efficiently.
Example: use Personal API key to list corpora
curl -X POST \
-H "x-api-key: zut_***********************" \
-H "customer-id: 2572516233" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
https://api.vectara.io:443/v1/list-corpora \
-d @- <<END;
{
}
Conclusion
At Vectara, we are committed to providing you with a variety of authentication options while guiding you toward the best practices in security. We understand the diverse needs of our users and strive to balance ease of use with stringent security measures.
As always, we’d love to hear your feedback! Connect with us on our forums or on our Discord or on our community. If you’d like to see what Vectara can offer you for retrieval augmented generation on your application or website, sign up for an account.
