Skip to main content
Version: 1.11.0-beta

Authentication & Security

Auth Options

The SDK supports two authentication strategies:

  • API Key:

    { apiKey: string }

    Example:

    const client = new ImagineoAIClient(apiUrl, { apiKey: "sk-..." });

  • Token-based (e.g., Clerk):

    { getToken: () => Promise<string> }

    Example:

    const client = new ImagineoAIClient(apiUrl, { getToken: async () => getClerkToken() });

How Auth is Handled

  • The SDK uses a shared helper (getAuthHeader) to generate the correct Authorization header for every request.
  • If no auth is provided, requests will be unauthenticated and may fail.

Security Best Practices

  • Never expose API keys in client-side code for production.
  • Use environment variables or secure secrets management for server-side usage.
  • For browser apps, prefer token-based auth with short-lived tokens (e.g., Clerk).
  • Rotate API keys regularly.
  • Do not commit secrets to version control.

Example: Dynamic Auth

const client = new ImagineoAIClient(apiUrl, {
  getToken: async () => localStorage.getItem("token") || ""
});