Skip to main content

API Key Authentication

Continum uses API keys to authenticate requests. Include your API key in the x-continum-key header: 
curl https://api.continum.co/customers \
  -H "x-continum-key: co_your_api_key_here"

Getting Your API Key

  1. Sign in to the dashboard
  2. Navigate to Settings → API Keys
  3. Click “Generate New Key”
  4. Copy and save the key securely
API keys are displayed only once. If you lose your key, you’ll need to generate a new one.

API Key Format

Continum API keys follow this format: 
co_[48 hexadecimal characters]
Example: co_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4

Security Best Practices

Store Keys Securely

Never hardcode API keys in your source code: 
// ❌ Bad - hardcoded key
const continum = new Continum({
  continumKey: 'co_a1b2c3d4...'
});

// ✅ Good - environment variable
const continum = new Continum({
  continumKey: process.env.CONTINUM_KEY
});

Use Environment Variables

Store keys in environment variables: 
# .env
CONTINUM_KEY=co_your_api_key_here

Rotate Keys Regularly

Generate new keys periodically and revoke old ones:
  1. Generate a new key in the dashboard
  2. Update your application with the new key
  3. Test that everything works
  4. Revoke the old key

Limit Key Scope

Use different keys for different environments:
  • Development: co_dev_...
  • Staging: co_staging_...
  • Production: co_prod_...

Key Management

Viewing Keys

View all your API keys in the dashboard: 
Dashboard → Settings → API Keys
You’ll see:
  • Key prefix (first 8 characters)
  • Creation date
  • Last used date
  • Status (active/revoked)

Revoking Keys

Revoke a key immediately if compromised:
  1. Navigate to API Keys in the dashboard
  2. Find the key to revoke
  3. Click “Revoke”
  4. Confirm the action
Revoking a key is immediate and cannot be undone. All requests using that key will fail.

Authentication Errors

401 Unauthorized

Missing or invalid API key: 
{
  "statusCode": 401,
  "message": "Missing x-continum-key header",
  "error": "Unauthorized"
}
Solution: Include the x-continum-key header with a valid API key.

403 Forbidden

Plan limit reached: 
{
  "statusCode": 403,
  "message": "Dev plan audit limit (1000) reached. Please upgrade to Pro.",
  "error": "Forbidden"
}
Solution: Upgrade your plan or wait for the limit to reset.

Testing Authentication

Test your API key with a simple request: 
curl https://api.continum.co/customers \
  -H "x-continum-key: co_your_api_key_here"
Expected response: 
{
  "id": "cust_123",
  "name": "Your Company",
  "plan": "PRO",
  "auditCount": 1234
}

SDK Authentication

The SDK handles authentication automatically: 
import { Continum } from '@continum/sdk';

const continum = new Continum({
  continumKey: process.env.CONTINUM_KEY,
  openaiKey: process.env.OPENAI_API_KEY
});

// SDK includes x-continum-key header automatically
const response = await continum.llm.openai.gpt_4o.chat({
  messages: [{ role: 'user', content: 'Hello' }]
});

Internal API Authentication

Some endpoints are for internal use only (Continum Platform communication): 
curl -X POST https://api.continum.co/internal/signal \
  -H "x-internal-secret: your_internal_secret" \
  -H "Content-Type: application/json" \
  -d '{...}'
Internal endpoints are not accessible with regular API keys. They are reserved for Continum Platform operations.

Next Steps

API Introduction

Learn about the REST API

SDK Installation

Install the SDK

Customer API

Manage customer accounts

Dashboard

View your API keys