Skip to content

Authentication

Every data-plane request (/search, /extract, /map, /crawl, /mcp) is authenticated with an API key. Keys belong to a project inside your organization, so usage is attributed and organised per project.

  1. Sign in to the dashboard at app.crisps.ai.
  2. Open (or create) a project.
  3. Click Create API key, name it, and choose an environment:
    • csp_live_… — production traffic, billed against your plan.
    • csp_test_… — for development and CI.
  4. Copy the key immediately — the full value is shown only once. We store only a hash, so it can never be recovered (only revoked and replaced).

Send the key in any of three ways — pick whichever fits your stack. The first two are recommended; the third exists for compatibility with existing clients.

MethodExample
Authorization headerAuthorization: Bearer csp_live_…
x-api-key headerx-api-key: csp_live_…
Request body{ "api_key": "csp_live_…", "query": "…" }
Terminal window
curl -X POST https://api.crisps.ai/search \
-H "Authorization: Bearer $CRISPS_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "vector databases 2026"}'
StatusMeaning
401 UnauthorizedMissing, malformed, or revoked key.
402 Payment RequiredMonthly credit quota exhausted.
403 ForbiddenKey lacks the required scope, or is limited to basic depth.
429 Too Many RequestsPlan rate limit exceeded — see Retry-After.

See the full list on the Errors page.

Keys are created, listed, and revoked from the dashboard. Programmatically, they live under your organization (these routes use a dashboard session token from POST /auth/login, not an API key):

POST /orgs/{org_id}/api-keys # create (returns the plaintext once)
GET /orgs/{org_id}/api-keys # list (prefixes only)
PATCH /orgs/{org_id}/api-keys/{key_id} # rename
DELETE /orgs/{org_id}/api-keys/{key_id} # revoke