Skip to main content

API Key Authentication

AgenticPencil uses Bearer token authentication with API keys. All API requests must include your API key in the Authorization header.

API Key Format

All AgenticPencil API keys follow this format:
  • Prefix: ap_
  • Length: 32 characters after the prefix
  • Example: ap_1234567890abcdefghijklmnopqrstuv

How to Get Your API Key

1

Create Account

Sign up at platform.agenticpencil.com
2

Verify Email

Check your email and click the verification link
3

Access API Keys

Navigate to SettingsAPI Keys in your dashboard
4

Generate Key

Click “Generate New API Key” and give it a descriptive name
5

Copy & Store

Copy your key immediately - you won’t be able to see it again!

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer prefix: 
curl -X GET "https://api.agenticpencil.com/v1/usage" \
  -H "Authorization: Bearer ap_your_api_key_here"

API Key Management

Multiple Keys

You can create multiple API keys for different use cases:

Development

Use separate keys for development and testing environments

Production

Dedicated keys for your production AI agents

Team Members

Individual keys for team members with different access levels

Third-party Integrations

Separate keys for external services and integrations

Key Rotation

For security best practices, rotate your API keys regularly:
  1. Generate a new API key
  2. Update your applications with the new key
  3. Test that everything works correctly
  4. Revoke the old key

Key Permissions

API keys inherit the permissions of the user who created them. Currently, all API keys have access to:
  • All endpoint functionality
  • Credit consumption up to your plan limits
  • Rate limits based on your subscription tier

Authentication Errors

Common authentication errors and how to resolve them: 
{
  "error": "Invalid API key",
  "message": "The provided API key is invalid or has been revoked",
  "code": "INVALID_API_KEY"
}
Solution: Double-check your API key format and ensure it starts with ap_
{
  "error": "Missing authorization",
  "message": "Authorization header is required",
  "code": "MISSING_AUTH_HEADER"
}
Solution: Include the Authorization: Bearer ap_your_key header in your request
{
  "error": "API key expired",
  "message": "Your API key has expired. Please generate a new one",
  "code": "EXPIRED_API_KEY"
}
Solution: Generate a new API key from your dashboard
{
  "error": "Rate limit exceeded",
  "message": "You have exceeded your rate limit. Please try again later",
  "code": "RATE_LIMIT_EXCEEDED"
}
Solution: Wait before making another request or upgrade your plan for higher limits

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs!

Environment Variables

Store your API key in environment variables:
.env
AGENTICPENCIL_API_KEY=ap_your_api_key_here
Python
import os
api_key = os.getenv('AGENTICPENCIL_API_KEY')
Node.js
const apiKey = process.env.AGENTICPENCIL_API_KEY;

Server-Side Only

Always make API calls from server-side code, never from:
  • Frontend JavaScript
  • Mobile app client code
  • Browser extensions
  • Public-facing code

Monitor Usage

Regularly check your API usage in the dashboard to detect:
  • Unexpected spikes in usage
  • Potential security breaches
  • API key misuse
Set up usage alerts in your dashboard to get notified when your credit consumption exceeds expected thresholds.