API Authentication

Learn how to authenticate your requests to the Chekov API using API keys.

Getting Your API Key

  1. Sign up for an account at chekov.ai/signup
  2. Go to your dashboard
  3. Your API key will be displayed or can be generated there

Keep your API key secure and never share it publicly. If your key is compromised, you can generate a new one from the dashboard.

Using Your API Key

Include your API key in the Authorization header of all API requests:

Authorization: Bearer your-api-key

Example Request

curl -X POST https://chekov.ai/api/chekov \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Click the login button",
    "html": "<button>Login</button>",
    "screenshot": "base64-encoded-image"
  }'

Environment Setup

When using the @chekov/core package, set your API key as an environment variable:

Unix/macOS

export CHEKOV_API_KEY="your-api-key"

Windows (CMD)

set CHEKOV_API_KEY=your-api-key

Windows (PowerShell)

$env:CHEKOV_API_KEY="your-api-key"

Authentication Errors

Status Code | Error Message   | Description
401         | Missing API key | No API key was provided in the request
403         | Invalid API key | The provided API key is not valid
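
The following is an added example, not code from this page or from the @chekov/core package: a small Node.js wrapper that reads CHEKOV_API_KEY from the environment, fails closed when it is missing or malformed, sends the Bearer header, and turns the 401 and 403 responses above into clear errors without leaking the key. The function names and the injectable fetchImpl parameter are hypothetical; the endpoint and header come from the curl example.

```javascript
// Added example: helper names are hypothetical and are not the @chekov/core API.
const CHEKOV_ENDPOINT = "https://chekov.ai/api/chekov"; // endpoint from the curl example

// Read the key from the environment and fail closed when it is absent or malformed.
function loadApiKey(env = process.env) {
  const key = (env.CHEKOV_API_KEY || "").trim(); // secrets files often end in "\n"
  if (!key) throw new Error("CHEKOV_API_KEY is not set");
  if (/[\s\x00-\x1f\x7f]/.test(key)) {
    throw new Error("CHEKOV_API_KEY contains whitespace or control characters");
  }
  return key;
}

// Build the request options with the Bearer header this page documents.
function buildRequest(key, payload) {
  return {
    method: "POST",
    headers: { Authorization: `Bearer ${key}`, "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  };
}

// Translate the two documented auth failures into an operator-facing hint.
function describeAuthFailure(status) {
  if (status === 401) return "401 Missing API key: no key reached the API, check the environment";
  if (status === 403) return "403 Invalid API key: compare the key with the dashboard";
  return null; // not an authentication failure
}

// Remove the key from any text before it is logged or rethrown.
function redact(text, key) {
  return String(text).split(key).join("[REDACTED]");
}

// fetchImpl is injectable so the helper can be exercised without network access.
async function callChekov(payload, { env = process.env, fetchImpl = globalThis.fetch } = {}) {
  const key = loadApiKey(env);
  let res;
  try {
    res = await fetchImpl(CHEKOV_ENDPOINT, buildRequest(key, payload));
  } catch (err) {
    throw new Error(redact(err.message, key)); // transport errors may echo headers
  }
  const failure = describeAuthFailure(res.status);
  if (failure) throw new Error(failure);
  return res.json();
}
```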

Best Practices

  • Never expose your API key in client-side code
  • Rotate your API key periodically
  • Use environment variables to store your API key
  • Set up different API keys for development, staging, and production environments

Using with CI/CD

When using Chekov in CI/CD pipelines, securely store your API key as a secret or environment variable:

GitHub Actions

name: Run Tests
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Run tests
        env:
          CHEKOV_API_KEY: ${{ secrets.CHEKOV_API_KEY }}
        run: npm test

GitLab CI

test:
  script:
    - npm test
  variables:
    CHEKOV_API_KEY: $CHEKOV_API_KEY

Security Recommendations

  • API Key Storage: Use secure vaults or environment variables
  • Key Rotation: Regularly rotate your API keys
  • Access Control: Limit API key access to necessary services only
  • Monitoring: Monitor API key usage for suspicious activity
