API Keys

Create and manage scoped API keys for programmatic access to SeeMe.ai.

Overview

API keys provide authentication without user credentials. They can be scoped to specific permissions, resources, and organizations.

graph LR
    A[Client App] -->|API Key| B[SeeMe.ai API]
    B --> C{Validate Key}
    C -->|Valid| D{Check Scopes}
    D -->|Allowed| E[Process Request]
    D -->|Denied| F[403 Forbidden]
    C -->|Invalid| G[401 Unauthorized]

Create API Key

Web Platform

Go to Settings > API Keys
Click Create API Key
Configure:
- Name: Descriptive identifier
- Scopes: Permissions to grant
- Expiration: Optional expiry date
- Organization: Optional org scope
Click Create
Copy the key immediately (shown only once)

Python SDK

## Create a general-purpose API key
api_key = client.create_api_key(
    name="Development Key",
    scopes=["models:read", "models:predict", "datasets:read"]
)

print(f"API Key: {api_key.key}")  # Only shown once!
print(f"Key ID: {api_key.id}")
print(f"Prefix: {api_key.key_prefix}")

REST API

curl -X POST "https://api.seeme.ai/api/v1/api-keys" \
  -H "Authorization: Bearer EXISTING_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Inference",
    "scopes": ["models:predict"],
    "expires_in_days": 90
  }'

Scope Configuration

Basic Scopes

# Read-only access to models
api_key = client.create_api_key(
    name="Model Viewer",
    scopes=["models:read"]
)

# Inference only
api_key = client.create_api_key(
    name="Inference Only",
    scopes=["models:predict"]
)

# Full model access
api_key = client.create_api_key(
    name="Model Manager",
    scopes=["models:*"]
)

Resource-Specific Keys

Limit access to specific resources:

# Access only specific models
api_key = client.create_api_key(
    name="Production Model Access",
    scopes=["models:predict"],
    model_ids=[
        "model-uuid-1",
        "model-uuid-2"
    ]
)

# Access only specific datasets
api_key = client.create_api_key(
    name="Dataset Access",
    scopes=["datasets:read", "datasets:write"],
    dataset_ids=[
        "dataset-uuid-1"
    ]
)

Organization-Scoped Keys

# Key limited to specific organization
api_key = client.create_api_key(
    name="Acme Corp Integration",
    scopes=["models:predict", "workflows:execute"],
    organization_id="org-uuid"
)

Expiration

Set Expiration on Creation

# Expires in 30 days
api_key = client.create_api_key(
    name="Short-term Access",
    scopes=["models:read"],
    expires_in_days=30
)

# Expires on specific date
api_key = client.create_api_key(
    name="Project Deadline",
    scopes=["models:read"],
    expires_at="2024-06-30T23:59:59Z"
)

No Expiration

# Never expires (not recommended for production)
api_key = client.create_api_key(
    name="Internal Tool",
    scopes=["models:read"]
    # No expiration parameters
)

Using API Keys

Python SDK

from seeme import Client

# Authenticate with API key
client = Client(apikey="sm_live_xxxxxxxxxxxx")

# Make requests
models = client.get_models()

REST API

curl "https://api.seeme.ai/api/v1/models" \
  -H "Authorization: Bearer sm_live_xxxxxxxxxxxx"

JavaScript

const response = await fetch("https://api.seeme.ai/api/v1/models", {
  headers: {
    "Authorization": "Bearer sm_live_xxxxxxxxxxxx"
  }
});

Managing API Keys

List Keys

# List all your API keys
keys = client.get_api_keys()

for key in keys:
    print(f"{key.name}: {key.key_prefix}... (Scopes: {key.scopes})")
    if key.expires_at:
        print(f"  Expires: {key.expires_at}")
    if key.last_used_at:
        print(f"  Last used: {key.last_used_at}")

Disable Key

# Disable without deleting (can re-enable later)
client.update_api_key(
    api_key_id=key.id,
    disabled=True
)

# Re-enable
client.update_api_key(
    api_key_id=key.id,
    disabled=False
)

Delete Key

# Permanently delete key
client.delete_api_key(api_key_id=key.id)

Rotate Key

# Best practice: create new key, then delete old
new_key = client.create_api_key(
    name=f"{old_key.name} (Rotated)",
    scopes=old_key.scopes,
    organization_id=old_key.organization_id
)

# Update your applications with new_key.key

# Then delete old key
client.delete_api_key(api_key_id=old_key.id)

Key Prefixes

API keys have identifiable prefixes:

Prefix	Meaning
`sm_live_`	Production key
`sm_test_`	Test/sandbox key

The prefix helps identify keys in logs without exposing the full key.

Security Best Practices

⚠️

Do:

Store keys in environment variables or secret managers
Use minimal scopes (principle of least privilege)
Set expiration dates for temporary access
Rotate keys regularly (every 90 days recommended)
Monitor key usage for anomalies

Don’t:

Commit keys to version control
Share keys via email or chat
Use production keys in development
Create keys with *:* scope
Ignore expired or unused keys

Environment Variables

# .env file (never commit!)
SEEME_API_KEY=sm_live_xxxxxxxxxxxx

import os
from seeme import Client

client = Client(apikey=os.environ["SEEME_API_KEY"])

Secret Managers

# AWS Secrets Manager
import boto3
import json

secrets = boto3.client('secretsmanager')
secret = json.loads(
    secrets.get_secret_value(SecretId='seeme/api-key')['SecretString']
)

client = Client(apikey=secret['api_key'])

Rate Limits

API keys are subject to rate limits based on your plan:

Plan	Requests/min	Requests/day
Free	60	1,000
Pro	300	50,000
Enterprise	Custom	Custom

Check rate limit headers in responses:

X-RateLimit-Limit: 300
X-RateLimit-Remaining: 295
X-RateLimit-Reset: 1705312800

Audit Trail

Track API key usage:

# Get key usage statistics
usage = client.get_api_key_usage(
    api_key_id=key.id,
    start_date="2024-01-01",
    end_date="2024-01-31"
)

print(f"Total requests: {usage.total_requests}")
print(f"Successful: {usage.successful}")
print(f"Failed: {usage.failed}")
print(f"By endpoint: {usage.by_endpoint}")

Troubleshooting

Issue	Cause	Solution
401 Unauthorized	Invalid or expired key	Check key value, expiration
403 Forbidden	Missing scope	Add required scope to key
429 Too Many Requests	Rate limited	Reduce request rate
Key not working	Disabled	Re-enable in settings

Example: Production Setup

import os
from seeme import Client

# Production API key with minimal scope
API_KEY = os.environ.get("SEEME_PRODUCTION_KEY")

if not API_KEY:
    raise ValueError("SEEME_PRODUCTION_KEY environment variable not set")

client = Client(apikey=API_KEY)

def predict_image(image_path):
    """Make prediction using production key."""
    try:
        result = client.predict(
            model_id=os.environ["PRODUCTION_MODEL_ID"],
            item=image_path
        )
        return result.inference_items
    except Exception as e:
        # Log error, don't expose key
        print(f"Prediction failed: {type(e).__name__}")
        raise

Roles & Permissions