Application Development

February 28 , 2024 by Ofer Mendelevitch

Introduction

Vectara’s GenAI platform has always provided two methods of authentication: OAuth and API-keys. OAuth is a safe and secure authentication method, however API keys tend to be more popular among developers due to their simplicity.

To-date, Vectara provided two types of API-keys: an API key for query-only, and an API key with permissions to index and query.

Earlier this month we announced a new type of API key – the Personal API key – which provides a specific user on your Vectara account a designated set of permissions. These permissions can be much broader, similar to OAuth, yet remain associated with a single key, maintaining the simplicity of use for developers.

The Personal API key

Ask any developer (except those that specialize in security) and they will tell: API keys are much more popular than OAuth, and this is mainly due to their simplicity.

With OAuth you have to grab access tokens, deal with refresh tokens, and all kinds of steps to make it work properly. And let’s face it: most developers prefer not to deal with this. API keys on the other hand are simple and easy to use: it’s a single token that’s always there and does not change. 

The new Personal API key provides the simplicity of the API key with additional permissions for more programmatic control of your account. In addition to permissions for query and indexing operations, personal API keys provide permissions for corpus management, user management and a few other administrative API tasks.

When should I use the Personal API key?

It depends on the use case. For query-focused applications, like those built using the vectara-answer or create-ui tools, the query-only API key is still great and recommended. On the other hand, if your applications requires administrative operations like create-corpus, delete-corpus, or list-corpora – the Personal API key is a good fit.

And remember: always take good care of your API key – make sure it’s safe and secure within your application code (or use secrets management within your cloud provider). If any API key ever gets compromised, use the Vectara console to recycle the key and replace it with a new one.

API key for Integrations

Vectara is integrated with many open source tools and frameworks such as LangChain, LlamaIndex, Flowise and Langflow. If you are using Vectara through one of these tools, for example for quick prototyping, you should choose the most suitable key for your application. For example if you are ingesting data as part of your application you can use Vectara’s index+query key, but if you query only you can use the query only key.

You can always also use your personal API key in these cases – it will work just fine – but it does have extra permissions so it’s a bit of an overkill.

Conclusions

The Personal API key brings a new type of API key to Vectara, enabling simplicity with additional power to create more powerful RAG based applications.

To try out the personal API key, you can sign up for a free Vectara account if you don’t have one already, and then look around the console to see how it work.

A always, if you have any questions, please feel free to reach us in the forums or on our Discord Server.