Authentication
Every data-plane request (/search, /extract, /map, /crawl, /mcp) is
authenticated with an API key. Keys belong to a project inside your
organization, so usage is attributed and organised per project.
Get a key
Section titled “Get a key”- Sign in to the dashboard at
app.crisps.ai. - Open (or create) a project.
- Click Create API key, name it, and choose an environment:
csp_live_…— production traffic, billed against your plan.csp_test_…— for development and CI.
- Copy the key immediately — the full value is shown only once. We store only a hash, so it can never be recovered (only revoked and replaced).
Passing your key
Section titled “Passing your key”Send the key in any of three ways — pick whichever fits your stack. The first two are recommended; the third exists for compatibility with existing clients.
| Method | Example |
|---|---|
Authorization header | Authorization: Bearer csp_live_… |
x-api-key header | x-api-key: csp_live_… |
| Request body | { "api_key": "csp_live_…", "query": "…" } |
curl -X POST https://api.crisps.ai/search \ -H "Authorization: Bearer $CRISPS_API_KEY" \ -H "Content-Type: application/json" \ -d '{"query": "vector databases 2026"}'Errors
Section titled “Errors”| Status | Meaning |
|---|---|
401 Unauthorized | Missing, malformed, or revoked key. |
402 Payment Required | Monthly credit quota exhausted. |
403 Forbidden | Key lacks the required scope, or is limited to basic depth. |
429 Too Many Requests | Plan rate limit exceeded — see Retry-After. |
See the full list on the Errors page.
Managing keys
Section titled “Managing keys”Keys are created, listed, and revoked from the dashboard. Programmatically, they live
under your organization (these routes use a dashboard session token from
POST /auth/login, not an API key):
POST /orgs/{org_id}/api-keys # create (returns the plaintext once)GET /orgs/{org_id}/api-keys # list (prefixes only)PATCH /orgs/{org_id}/api-keys/{key_id} # renameDELETE /orgs/{org_id}/api-keys/{key_id} # revoke