Authentication
All embraceableAI APIs use Bearer Token Authentication. Two types of API tokens are available, each suited for different use cases.
API Token Types
API Keys
Format: euat-<random-string>
Characteristics:
- Not tied to any user account
- Conclusions created via API keys are visible to admins in the admin area
- Higher rate limits than Personal API Tokens (PATs)
- 10 concurrent requests (up to unlimited, if configured)
- Can be created with unlimited validity
- Best for: Production-like testing, automated systems, team integrations in the Sandbox environment
How to get: Go to the embraceableAI Sandbox Console
Personal API Tokens (PAT)
Format: epat-<random-string>
Characteristics:
- Tied to your user account
- Conclusions created via PAT are visible in the UI (for the token owner only)
- Only 1 concurrent request allowed
- Same rate limits as UI usage
- Maximum validity: 1 year
- Best for: Personal development, testing, individual workflows in the Sandbox environment
How to get: Go to Personal API Token Settings
Using Your API token
Use your generated opaque API token in the Authorization header:
Authorization: Bearer <your-token>
Important: API tokens are not JWTs and must not be decoded. Valid API tokens always start with euat- or epat-. Send the API token as-is over TLS.
Example (masked): Authorization: Bearer euat-rSZ***************EB
Quick Test
curl -I -H "Authorization: Bearer <your-token>" \
https://sandbox.embraceable.ai/api/preview/model
Rate Limits
All API tokens (both PATs and API Keys) share the following base limit:
- 60 requests per minute per API token
This applies to all API token types regardless of subscription plan.
Additional Limits
- Personal API Tokens (PAT): Subject to daily LLM token limits based on your subscription plan
- API Keys: Pay-as-you-go billing, 100 Mio LLM tokens per day
- Enterprise: Custom limits available
For detailed information about subscription plans, daily limits, and billing, see Billing & Subscription.