Authentication - Rhizome AI

API Keys

All API requests require an API key passed in the x-api-key header.

curl -X POST https://api.rhizomeai.com/api/search \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"query_text": "example"}'

Getting an API Key

Log in to Rhizome
Go to API Keys
Click Create API Key
Copy your key immediately — it’s only shown once!

API access requires an enterprise plan. Contact [email protected] to upgrade your account.

Security Best Practices

Never expose your API key in client-side code

API keys should only be used in server-side code. Never include them in JavaScript running in the browser.

Use environment variables

Store your API key in environment variables, not in source code.

export RHIZOME_API_KEY="your-api-key"

import os
api_key = os.environ["RHIZOME_API_KEY"]

Rotate keys if compromised

If you suspect your API key has been compromised, delete it immediately from the API Keys console and create a new one.

Error Responses

Status	Error	Description
401	`Missing or invalid x-api-key header`	No API key provided
401	`Invalid API key`	The API key doesn’t exist or was deleted
429	`Rate limit exceeded`	Too many requests (see Rate Limits)

Get Started

​API Keys

​Getting an API Key

​Security Best Practices

​Error Responses

API Keys

Getting an API Key

Security Best Practices

Error Responses