Appearance
Authentication
SubCortex uses API key authentication. Keys are scoped to a project and carry tenant context automatically.
API keys
Keys are generated in the SubCortex dashboard under Project → Integrations → API Keys.
scx_live_a1b2c3d4e5f6...Keys have the prefix scx_live_. Each key is shown once at creation — store it securely. If lost, revoke and regenerate.
Using a key
Pass your key when initialising the client:
typescript
const scx = new SubCortexClient({
endpoint: 'https://engine.subcortex.ai',
apiKey: process.env.SUBCORTEX_API_KEY
})The SDK attaches the key to every request as an Authorization: Bearer header. You never pass it per-call.
Environment variables
Keep keys out of source code:
bash
# .env
SUBCORTEX_API_KEY=scx_live_your_key_here
SUBCORTEX_ENDPOINT=https://engine.subcortex.aitypescript
const scx = new SubCortexClient({
endpoint: process.env.SUBCORTEX_ENDPOINT!,
apiKey: process.env.SUBCORTEX_API_KEY!
})Key permissions
Keys are created with read and write permissions by default. You can scope keys to read only for agent contexts that should not write.
Revoking keys
Revoke a key from the dashboard at any time. Revocation is immediate — any in-flight requests using that key will fail with 401.