API key management, authentication flows, and security best practices.
All Cognigate API requests require authentication via API key. Keys are scoped to an organization and carry specific permissions.
Include your API key in the Authorization header:
curl -X POST https://cognigate.dev/v1/intents \
-H "Authorization: Bearer cg_live_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"agentId":"my-agent","action":"read","resource":"documents/*"}'| Prefix | Environment | Description |
|---|---|---|
cg_live_ | Production | Full access, rate limits apply per tier |
cg_test_ | Testing | Sandbox only, no production side effects |
cg_dev_ | Development | Local development, relaxed rate limits |
API keys can be generated through the admin API:
# Generate a new API key
curl -X POST https://cognigate.dev/v1/auth/keys \
-H "Authorization: Bearer cg_live_admin_key" \
-H "Content-Type: application/json" \
-d '{
"name": "my-service-key",
"scopes": ["intents:write", "trust:read", "proofs:read"],
"expiresIn": "90d"
}'| Scope | Permits |
|---|---|
agents:read | List and retrieve agent details |
agents:write | Register and update agents |
intents:write | Submit governance intents |
trust:read | Query trust scores and history |
trust:write | Submit trust signals |
proofs:read | Retrieve proof receipts and chains |
admin:* | Full administrative access |
| Code | HTTP Status | Description |
|---|---|---|
E1001 | 401 | API key is missing from the Authorization header |
E1002 | 401 | API key is invalid or has been revoked |
E1003 | 401 | API key has expired — generate a new one |
E1004 | 403 | Insufficient permissions for this operation |
import { Vorion } from '@vorionsys/sdk';
const vorion = new Vorion({
apiEndpoint: 'https://cognigate.dev',
apiKey: process.env.COGNIGATE_API_KEY,
});