Authentication
Learn how to authenticate your API requests to ContextFile.
API Keys
API keys are the recommended way to authenticate with the ContextFile API. They provide secure, long-lived access without requiring user interaction.
Creating an API Key
- Go to your API Keys page
- Click "Create New Key"
- Give your key a descriptive name
- Copy and securely store the key - it will only be shown once
Using API Keys
Include your API key in the Authorization header of every request using the Bearer scheme.
Request Header
Authorization: Bearer cf_your_api_key_herecURL Example
curl https://api.contextfile.ai/v1/contexts \
-H "Authorization: Bearer cf_abc123def456..." \
-H "Content-Type: application/json"Key Formats
ContextFile uses different key prefixes to distinguish between token types:
| Prefix | Type | Use Case |
|---|---|---|
cf_ | API Key | Server-side integrations |
cfe_ | Extension Token | Browser extension authentication |
Security Best Practices
Keep your API keys secure
Never expose your API keys in client-side code, public repositories, or logs.
1Use environment variables
Store API keys in environment variables, not in your source code.
CONTEXTFILE_API_KEY=cf_your_key_here2Use different keys for different environments
Create separate API keys for development, staging, and production.
3Rotate keys regularly
Periodically create new keys and revoke old ones, especially after team changes.
4Revoke compromised keys immediately
If you suspect a key has been exposed, revoke it immediately from your dashboard.
Authentication Errors
When authentication fails, you'll receive one of these error responses:
401Missing or invalid API key
{
"error": "Unauthorized. Please provide a valid API key."
}401Expired API key
{
"error": "API key has expired. Please create a new key."
}401Revoked API key
{
"error": "API key has been revoked."
}Never expose API keys client-side
API keys should only be used in server-side code. For client-side applications, implement a server-side proxy. Our browser extension with extension tokens is coming soon.