Managing API Keys

API Keys are the primary mechanism for authenticating programmatic requests to the Philterd Data Services REST API. They allow you to integrate our powerful redaction and risk assessment capabilities directly into your own applications, scripts, and automated workflows.

Understanding API Key Security

Because an API key provides direct access to your Philterd account and its capabilities, it is essential to treat these keys as highly sensitive credentials.

Key Management Policies

  • Key Limit: For security reasons, each Philterd Data Services account is restricted to a maximum of three active API keys at any given time. This limitation encourages regular key rotation and minimizes the potential "attack surface" if a key were to be compromised.
  • Lifecycle Control: You have full control over the creation and deletion of your keys. We recommend naming your keys based on their intended use (e.g., Production-App-Key or Testing-Environment-Key) for easier identification.
  • Irreversible Deletion: Deleting an API key is an immediate and permanent action. Once a key is deleted, it will no longer be accepted by the API, and any applications using it will receive an Unauthorized error. Deleted keys cannot be recovered or "undeleted."

Creating and Using Your Keys

How to Generate a New Key

  1. Navigate to the Account menu in the dashboard sidebar and select API Keys.
  2. Click the Create API Key button.
  3. Assign a descriptive Key Name to help you track its usage.
  4. Important: The full API key string will only be displayed once at the time of creation. You must copy this key and store it in a secure location (such as a password manager or a secure secrets management system). For your protection, we do not store the plain-text key in our database after this initial display.

Authenticating with the API

When making requests to the Philterd Data Services API, you must include your active API key in the request header. Specifically, we use the Authorization header with the Bearer prefix.

# Example of a curl request using an API key
curl -X POST https://api.data.philterd.ai/api/redact/documents \
     -H "Authorization: Bearer YOUR_API_KEY_HERE" \
     -H "Content-Type: text/plain" \
     -d "Sensitive information goes here"

For more comprehensive details on the available API endpoints and request formats, please refer to our API Documentation.

Best Practices for API Key Safety

  • Rotate Regularly: Periodically delete old keys and generate new ones to minimize the risk of long-term exposure.
  • Use Environment Variables: Never hard-code API keys into your application's source code. Instead, use environment variables or a dedicated secrets manager.
  • Restrict by IP: We strongly recommend utilizing the IP Address Restrictions feature in your Account Settings to ensure your keys can only be used from your authorized network infrastructure.
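
The "Use Environment Variables" practice applied to the curl request shown earlier, as an added example that is not Philterd's own code. The variable name PHILTERD_API_KEY and both function names are assumptions made for this sketch.

```bash
# Added example, not Philterd's code. PHILTERD_API_KEY and the function
# names are assumptions; the endpoint is the one shown on this page.
API_URL="https://api.data.philterd.ai/api/redact/documents"

# Print a curl config holding the request headers, or fail if the key is
# missing or contains characters that would corrupt the quoted header.
philterd_curl_config() {
    local key="${PHILTERD_API_KEY:-}"
    if [ -z "$key" ]; then
        echo "PHILTERD_API_KEY is not set" >&2
        return 1
    fi
    case "$key" in
        *[[:space:]]*|*\"*|*\\*)
            echo "PHILTERD_API_KEY contains whitespace, a quote or a backslash" >&2
            return 1
            ;;
    esac
    printf 'header = "Authorization: Bearer %s"\n' "$key"
    printf 'header = "Content-Type: text/plain"\n'
}

# POST the contents of a text file to the redaction endpoint.
philterd_redact() {
    local file="${1:-}" cfg
    if [ ! -r "$file" ]; then
        echo "cannot read input file: $file" >&2
        return 1
    fi
    cfg=$(philterd_curl_config) || return 1
    # --config - takes the headers from stdin, so the key never appears in
    # curl's argument list. --fail makes an HTTP error (for example the
    # Unauthorized response for a deleted key) a nonzero exit status.
    # --data-binary sends the file as-is; -d @file would strip newlines.
    printf '%s\n' "$cfg" | curl --silent --show-error --fail \
        --config - --data-binary @"$file" "$API_URL"
}

# Usage, with the key exported by your secrets manager or CI environment:
#   philterd_redact document.txt
```

Because the key is validated before any request is made, a value copied with a trailing newline or stray quote is rejected locally instead of being sent as a malformed header.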