Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.continum.co/llms.txt

Use this file to discover all available pages before exploring further.

API Key Authentication

Continum uses API keys to authenticate requests. Include your API key in the x-continum-key header: 
curl https://api.continum.co/audits \
  -H "x-continum-key: co_your_api_key_here"

Getting Your API Key

Get your API key from the dashboard:
  1. Sign in with GitHub
  2. Create a customer account (Individual or Company)
  3. Navigate to Settings → API Keys
  4. Click “Generate New Key”
  5. Copy and save the key securely
API keys are displayed only once. If you lose your key, you’ll need to generate a new one.

API Key Format

Continum API keys follow this format: 
co_[48 hexadecimal characters]
Example: co_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4

Security Best Practices

Store Keys Securely

Never hardcode API keys in your source code: 
// ❌ Bad - hardcoded key
const continum = new Continum({
  continumKey: 'co_a1b2c3d4...'
});

// ✅ Good - environment variable
const continum = new Continum({
  continumKey: process.env.CONTINUM_KEY
});

Use Environment Variables

Store keys in environment variables: 
# .env
CONTINUM_KEY=co_your_api_key_here

Rotate Keys Regularly

Generate new keys periodically and revoke old ones:
  1. Generate a new key in the dashboard
  2. Update your application with the new key
  3. Test that everything works
  4. Revoke the old key

Limit Key Scope

Use different keys for different environments:
  • Development: co_dev_...
  • Staging: co_staging_...
  • Production: co_prod_...

Key Management

Viewing Keys

View all your API keys in the dashboard: 
Dashboard → Settings → API Keys
You’ll see:
  • Key prefix (first 8 characters)
  • Creation date
  • Last used date
  • Status (active/revoked)

Revoking Keys

Revoke a key immediately if compromised:
  1. Navigate to API Keys in the dashboard
  2. Find the key to revoke
  3. Click “Revoke”
  4. Confirm the action
Revoking a key is immediate and cannot be undone. All requests using that key will fail.

Authentication Errors

401 Unauthorized

Missing or invalid API key: 
{
  "statusCode": 401,
  "message": "Missing x-continum-key header",
  "error": "Unauthorized"
}
Solution: Include the x-continum-key header with a valid API key.

403 Forbidden

Plan limit reached: 
{
  "statusCode": 403,
  "message": "Dev plan audit limit (1000) reached. Please upgrade to Pro.",
  "error": "Forbidden"
}
Solution: Upgrade your plan or wait for the limit to reset.

Testing Authentication

Test your API key with a simple request: 
curl https://api.continum.co/audits \
  -H "x-continum-key: co_your_api_key_here"
Expected response: 
{
  "audits": [],
  "total": 0,
  "page": 1,
  "limit": 10
}

SDK Authentication

The SDK handles authentication automatically: 
import { protect } from '@continum/sdk';
import OpenAI from 'openai';

const openai = new OpenAI();

// SDK includes authentication automatically
const response = await protect(
  () => openai.chat.completions.create({
    model: 'gpt-4',
    messages: [{ role: 'user', content: 'Hello' }]
  }),
  {
    apiKey: process.env.CONTINUM_API_KEY!,
    preset: 'customer-support'
  }
);

Internal API Authentication

Some endpoints are for internal use only (Continum Platform communication): 
curl -X POST https://api.continum.co/internal/signal \
  -H "x-internal-secret: your_internal_secret" \
  -H "Content-Type: application/json" \
  -d '{...}'
Internal endpoints are not accessible with regular API keys. They are reserved for Continum Platform operations.

Next Steps

API Introduction

Learn about the REST API

SDK Installation

Install the SDK

Audits API

Query compliance audits

Dashboard

View your API keys