Skip to main content

Header types

1. Admin bootstrap header

Use admin-key only for creating organizations and issuing API keys.
  • Header: admin-key: <ADMIN_KEY>
  • Endpoint: POST /v1/createOrganization

2. Business API key header

Use x-api-key for all business feature endpoints under /v1.
  • Header: x-api-key: <issued_api_key>
  • Endpoints: sources, flashcards, mindmaps, quizzes

Bootstrap flow

  1. Call POST /v1/createOrganization with admin-key.
  2. Save the returned API key securely.
  3. Use that API key in x-api-key for all subsequent /v1 requests.

Example

curl -X POST "https://api.getconch.ai/v1/createOrganization" \
  -H "Content-Type: application/json" \
  -H "admin-key: YOUR_ADMIN_KEY" \
  -d '{
    "name": "Acme Learning",
    "url": "https://acme.example"
  }'

curl -X GET "https://api.getconch.ai/v1/sources" \
  -H "x-api-key: YOUR_ISSUED_API_KEY"

Security notes

  • Never expose admin-key or x-api-key in frontend bundles.
  • Store keys in a secure secret manager.
  • Rotate keys if leakage is suspected.