Authentication
Learn how to authenticate your API requests and manage your API keys securely.
API Key Authentication
All RAIL API requests require authentication using an API key. Include your API key in the request header:
curl -X POST "https://api.responsibleailabs.ai/railscore/v1/score/basic" \
-H "RAIL-API-KEY: your-rail-api-key_here" \
-H "Content-Type: application/json" \
-d '{"content": "Sample content"}'Getting Your API Key
- 1.Sign up for a free account at the RAIL platform
- 2.Navigate to your dashboard
- 3.Click "Generate Key" in the API Keys section
- 4.Copy and securely store your API key (you won't be able to see it again!)
Testing Your API Key
Before using your API key in production, verify it works correctly with these quick tests:
1. Test API Connection (No Auth Required)
First, verify the API is accessible:
# Test API is online
curl https://api.responsibleailabs.ai/
# Expected response:
# {
# "service": "RAIL Score API",
# "version": "1.0.0",
# "status": "running"
# }
# Test health check
curl https://api.responsibleailabs.ai/health/check
# Expected response:
# {
# "status": "healthy"
# }2. Verify Your API Key
Test your API key is valid and active:
curl -X POST https://api.responsibleailabs.ai/verify \
-H "Authorization: Bearer your-rail-api-key"
# Expected response (success):
# {
# "status": "verified",
# "message": "API key is valid",
# "tier": "free"
# }
# If invalid:
# {
# "detail": "Invalid API key"
# }Connection Test Benefits
- • Verify API connectivity without consuming credits
- • Check your API key is active before production use
- • Confirm your plan tier and permissions
- • Test from different environments (dev, staging, prod)
API Key Format
RAIL API keys follow this format:
rail_api_[64 hexadecimal characters]Security Best Practices
Important Security Guidelines
- •Never expose API keys in client-side code - Always make API calls from your backend server
- •Use environment variables - Store API keys in .env files, never hardcode them
- •Rotate keys regularly - Generate new keys periodically for enhanced security
- •Use .gitignore - Never commit API keys to version control
- •Revoke compromised keys - If a key is exposed, revoke it immediately
Environment Variables
Store your API key in environment variables:
Python (.env file)
# .env
RAIL_API_KEY=rail_api_your_actual_key_here
# Load in your code
from dotenv import load_dotenv
import os
load_dotenv()
api_key = os.getenv("RAIL_API_KEY")Node.js (.env file)
// .env
RAIL_API_KEY=rail_api_your_actual_key_here
// Load in your code
require('dotenv').config();
const apiKey = process.env.RAIL_API_KEY;Managing Multiple Keys
You can create multiple API keys for different purposes:
Development
Use separate keys for local development and testing
Production
Dedicated keys for production environments
Testing
Isolated keys for automated testing
Using the Python SDK
The RAIL Python SDK provides a convenient way to interact with the API without manually managing HTTP requests:
Installation
pip install rail-sdkBasic Usage
from rail_score_sdk import RailScore
# Initialize with your API key
rail = RailScore(api_key="your-rail-api-key_here")
# Or use environment variable
# export RAIL_API_KEY="your-rail-api-key_here"
rail = RailScore() # Automatically reads from RAIL_API_KEY env var
# Make API calls
result = rail.score.full(
content="Your content here",
explain_scores=True
)
print(f"Overall Score: {result.overall_score}")
print(f"Dimensions: {result.dimensions}")Rate Limits & Key Management
API keys are subject to rate limits based on your plan tier:
| Plan | Rate Limit | Concurrent Requests |
|---|---|---|
| Free | 10 req/min | 1 |
| Pro | 100 req/min | 5 |
| Business | 1,000 req/min | 10 |
| Enterprise | Custom | 50+ |
Revoking API Keys
If an API key is compromised or no longer needed, you can revoke it from your dashboard:
- 1.Navigate to your dashboard and go to the API Keys section
- 2.Find the key you want to revoke and click the "Revoke" button
- 3.Confirm the revocation - this action cannot be undone
- 4.The key will be immediately invalidated and all requests using it will fail
Important Notes
- •Revoked keys cannot be restored - you'll need to generate a new key
- •Update your applications with the new key before revoking the old one to avoid downtime
- •Rate limit exceeded (429) errors will return after a cooldown period
Error Responses
Common authentication errors:
| Status | Error | Solution |
|---|---|---|
401 | Missing API key | Include RAIL-API-KEY header |
401 | Invalid API key | Check key format and validity |
401 | Revoked API key | Generate a new key |