Docs / Authentication

Authentication

All API requests require authentication via an API key. API keys use the aqn_ prefix and are managed from the API Keys page.

API Keys

There are two types of API keys:

Type Description Use case
Full access Can see all your collections (owned + subscribed) MCP integration, personal automation
Scoped Can only see explicitly granted collections; each grant carries a read or write permission level External developers, third-party integrations

Scoped keys support two permission levels per collection grant: read (search and retrieve) and write (search, retrieve, and upload documents). Write access is required to use the document upload endpoint (POST /api/v1/collections/{id}/documents/). Full-access keys can upload documents to any collection owned by the key owner without a separate grant.

Creating a Key

  1. Go to API Keys in the sidebar (or visit /keys/)
  2. Click Create Key
  3. Choose a name and whether it should be full access or scoped
  4. Copy the key immediately — it won't be shown again
  5. For scoped keys, click Manage to grant access to specific collections

Using Your Key

Include the key in the Authorization header of all requests:

Authorization: Bearer aqn_your_api_key_here

Example:

curl -X POST https://your-instance/api/v1/search/ \
  -H "Authorization: Bearer aqn_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"query": "your search"}'

Keys can be rotated or revoked from the API Keys page at any time.