Authentication
All API requests require authentication via an API key. API keys use the aqn_ prefix and are managed from the API Keys page.
API Keys
There are two types of API keys:
| Type | Description | Use case |
|---|---|---|
| Full access | Can see all your collections (owned + subscribed) | MCP integration, personal automation |
| Scoped | Can only see explicitly granted collections; each grant carries a read or write permission level |
External developers, third-party integrations |
Scoped keys support two permission levels per collection grant: read (search and retrieve) and write (search, retrieve, and upload documents). Write access is required to use the document upload endpoint (POST /api/v1/collections/{id}/documents/). Full-access keys can upload documents to any collection owned by the key owner without a separate grant.
Creating a Key
- Go to API Keys in the sidebar (or visit
/keys/) - Click Create Key
- Choose a name and whether it should be full access or scoped
- Copy the key immediately — it won't be shown again
- For scoped keys, click Manage to grant access to specific collections
Using Your Key
Include the key in the Authorization header of all requests:
Authorization: Bearer aqn_your_api_key_here
Example:
curl -X POST https://your-instance/api/v1/search/ \
-H "Authorization: Bearer aqn_your_api_key" \
-H "Content-Type: application/json" \
-d '{"query": "your search"}'
Keys can be rotated or revoked from the API Keys page at any time.