SelamGPT

Authentication

The SelamAPI uses API keys and JWT tokens to authenticate requests. You can view and manage your API keys in the SelamGPT dashboard.

API Keys

Your API requests are authenticated using API keys. Any request that doesn't include an API key will return an error. Most endpoints require only an API key, but some advanced features may require additional JWT authentication.

Keep your API key secure

Do not share your API key with others, or expose it in the browser or other client-side code. In order to protect the security of your account, SelamGPT may also automatically rotate any API key that we've found has been exposed publicly.

Including the API key

Include your API key in an Authorization HTTP header. Always use HTTPS in production.

1Authorization: Bearer sk-selam-your-api-key-here

Making authenticated requests

You can use your API key in REST API calls by passing it in the Authorization header:

Example API Request

1curl https://api.selamgpt.com/v1/chat/completions \
2  -H "Content-Type: application/json" \
3  -H "Authorization: Bearer sk-selam-your-api-key-here" \
4  -d '{
5    "model": "selam-plus",
6    "messages": [
7      {
8        "role": "user",
9        "content": "Hello!"
10      }
11    ]
12  }'

JWT Token Authentication

Some advanced features require JWT token authentication in addition to your API key. JWT tokens provide additional security and user context for specific operations.

When JWT is required

JWT authentication is required for certain advanced features. Most standard API operations only require an API key.

Using JWT Tokens

Include your JWT token in the Authorization header alongside your API key:

JWT Authentication Example

1curl https://api.selamgpt.com/v1/endpoint \
2  -H "Content-Type: application/json" \
3  -H "Authorization: Bearer your-jwt-token" \
4  -H "X-API-Key: sk-selam-your-api-key-here" \
5  -d '{
6    "param": "value"
7  }'

Security Best Practices

🔒 Use Environment Variables

Store API keys and JWT tokens in environment variables, never hardcode them in your source code.

🌐 Always Use HTTPS

Only make API requests over HTTPS to ensure your credentials are encrypted in transit.

🔄 Rotate Keys Regularly

Periodically rotate your API keys to minimize the impact of potential key exposure.

🚫 Never Expose in Client-Side Code

Never include API keys in frontend JavaScript, mobile apps, or any client-side code. Use a backend proxy instead.

📝 Monitor API Usage

Regularly review your API usage logs to detect any unusual activity or unauthorized access.

Authentication Errors

Common authentication errors and how to resolve them:

401

Invalid API Key

1{
2  "error": {
3    "message": "Invalid API key provided.",
4    "type": "authentication_error",
5    "code": "invalid_api_key"
6  }
7}

Solution: Verify your API key is correct and hasn't been revoked.

401

Missing Authentication

1{
2  "error": {
3    "message": "No API key provided.",
4    "type": "authentication_error",
5    "code": "missing_api_key"
6  }
7}

Solution: Include the Authorization header with your API key in all requests.

403

Insufficient Permissions

1{
2  "error": {
3    "message": "Your account does not have access to this feature.",
4    "type": "authorization_error",
5    "code": "insufficient_permissions"
6  }
7}

Solution: This feature may require a higher account level. Check your account status in the dashboard.

Was this page helpful?

Next
Models
Browse available models and their capabilities