Authentication
SkillRouter uses API keys to authenticate requests. This guide covers how to obtain, use, and secure your API keys.
Getting an API Key
To start making authenticated requests, you need an API key. You can create and manage API keys from your SkillRouter dashboard.
- Navigate to Dashboard → API Keys in your dashboard.
- Click Create New Key and give it a descriptive name (e.g., "Production Backend" or "Dev Testing").
- Choose the appropriate scope — read-only for discovery or full-access for discovery and execution.
- Copy your key immediately. For security, the full key is only shown once.
Keep your keys safe
API keys carry the same privileges as your account. Do not share them in public repositories, client-side code, or insecure environments. If a key is compromised, revoke it immediately from the dashboard and generate a new one.
Using Bearer Token Authentication
All API requests must include your API key in the Authorization header using the Bearer scheme.
cURL Example
curl -X POST https://api.skillrouter.dev/v1/discover \
  -H "Authorization: Bearer sk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"query": "send an email"}'
Python SDK
The Python SDK handles authentication automatically. Pass your key during initialization or let it read from the environment.
from skillrouter import SkillRouter
# Option 1: Pass the API key directly
sr = SkillRouter(api_key="sk_live_your_api_key_here")
# Option 2: Use an environment variable (recommended)
# Set SKILLROUTER_API_KEY in your environment, then:
sr = SkillRouter()  # Automatically reads from env
Environment Variable Best Practices
Hardcoding API keys is a security risk. Instead, store them as environment variables and let your application read them at runtime.
Using a .env File
# .env
SKILLROUTER_API_KEY=sk_live_your_api_key_here
# Never commit this file to version control!
# Add .env to your .gitignore
Loading from Environment
import os
from skillrouter import SkillRouter
# The SDK automatically reads SKILLROUTER_API_KEY from the environment
sr = SkillRouter()
# Or explicitly load from env
sr = SkillRouter(api_key=os.environ["SKILLROUTER_API_KEY"])
Recommendations
- Use separate API keys for development, staging, and production environments.
- Add .env to your .gitignore to prevent accidental commits.
- Use your platform's secret manager in production (e.g., AWS Secrets Manager, Vercel Environment Variables, Doppler).
- Rotate keys periodically and immediately revoke any compromised keys.
- Use read-only keys when your application only needs skill discovery, not execution.
Rate Limiting
API requests are rate limited to ensure fair usage and platform stability. Limits vary by plan and are applied per API key.
| Plan | Requests / Minute | Requests / Day |
|---|---|---|
| Free | 60 | 1,000 |
| Pro | 600 | 50,000 |
| Enterprise | Custom | Custom |
Rate Limit Headers
Every API response includes headers indicating your current rate limit status.
HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 997
X-RateLimit-Reset: 1709942400
X-RateLimit-Window: 60
Handling 429 Errors
When you exceed the rate limit, the API returns a 429 Too Many Requests response with a Retry-After header. The SDK handles retries automatically with exponential backoff, but you can also handle this manually.
HTTP/1.1 429 Too Many Requests
Content-Type: application/json
Retry-After: 30

{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded. Please retry after 30 seconds.",
    "retry_after": 30
  }
}
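Manual handling of the 429 response described above, as an added example that is not part of the SkillRouter SDK or its documentation. The names `retry_delay`, `call_with_retry`, the injected `send` callable, and the 120-second cap are assumptions; the sample responses are constructed from the headers and body shown on this page, and `X-RateLimit-Reset` is assumed to be a Unix timestamp.

```python
import json
import time

MAX_WAIT = 120  # assumed cap so a bad header cannot stall the client indefinitely


def retry_delay(headers, body, now=None):
    """Seconds to wait after a 429: Retry-After, then the JSON body, then X-RateLimit-Reset."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    candidates = [h.get("retry-after")]
    try:
        candidates.append(json.loads(body)["error"]["retry_after"])
    except (ValueError, KeyError, TypeError):
        pass  # body missing or not in the documented error shape
    for value in candidates:
        try:
            return min(max(float(value), 0.0), MAX_WAIT)
        except (TypeError, ValueError):
            continue  # absent or non-numeric, try the next source
    try:
        # Assumption: X-RateLimit-Reset is a Unix timestamp, as the sample value suggests.
        return min(max(float(h["x-ratelimit-reset"]) - now, 0.0), MAX_WAIT)
    except (KeyError, ValueError):
        return 1.0  # nothing usable: short fixed pause


def call_with_retry(send, max_attempts=4, sleep=time.sleep):
    """Call send() until it returns a non-429 status or attempts run out.

    send() must return (status, headers, body); it is where the HTTP request is made.
    """
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if status != 429 or attempt == max_attempts:
            return status, body
        sleep(retry_delay(headers, body))


# Constructed samples: the 429 response shown above, followed by a success.
SAMPLE_429 = (429, {"Retry-After": "30"},
              '{"error": {"code": "rate_limit_exceeded", "retry_after": 30}}')
SAMPLE_OK = (200, {"X-RateLimit-Remaining": "59"}, "{}")

if __name__ == "__main__":
    replies = iter([SAMPLE_429, SAMPLE_OK])
    waits = []  # record the waits instead of sleeping
    print(call_with_retry(lambda: next(replies), sleep=waits.append), waits)
```

Capping the wait and bounding the number of attempts keeps a malformed or hostile header from hanging a worker, and giving up after `max_attempts` surfaces sustained throttling to the caller instead of hiding it.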