Authentication
All API requests to Aldea require authentication using a Bearer token in the Authorization header. All requests must be made over HTTPS (for REST API) or WSS (for WebSocket connections) or they will fail.
Your API Key
Every organization is automatically provided with an API key when it's created. This key is used to authenticate all API requests.
Managing Your API Key
Organization owners can view and regenerate the API key from the API Keys tab in Organization Settings. Access to Organization Settings and the ability to regenerate the organization API key is restricted to organization owners only.
Using Your API Token
Include your API token in the Authorization header of every request:
Authorization: Bearer org_your_api_key_hereExample Request
Here's an example of a cURL request with authentication:
Download sample audioAPI="https://api.aldea.ai/v1/listen"TOKEN=org_your_api_key_hereFILE=~/Downloads/aldea_sample.wavcurl -s -X POST "$API" \ -H "Authorization: Bearer $TOKEN" \ --data-binary @"$FILE"Secure Connections Required
All API requests must be made over secure connections:
- HTTPS for REST API endpoints (e.g.,
https://api.aldea.ai) - WSS for WebSocket connections (e.g.,
wss://api.aldea.ai)
Requests made over HTTP or WS will be rejected for security reasons.
Token Security
- Keep your API tokens secure and never commit them to version control
- Use environment variables to store tokens in your applications
- Rotate tokens regularly for enhanced security
- If a token is compromised, organization owners should regenerate it immediately from Organization Settings
Token Format
API tokens are strings that begin with org_ followed by a unique identifier. Example: org_abc123def456...