Authentication

Secure API access for Core and Business APIs

Both Core and Business APIs use the same authentication system with API keys and Bearer token authorization. All requests are secured and metered.

API Key Management

Generate and manage API keys through the developer portal. Each key can be scoped to specific APIs and has built-in rate limiting and usage tracking.

Creating API Keys

  1. Navigate to API Keys in your dashboard
  2. Click "Generate New Key"
  3. Set permissions (Core API, Business API, or both)
  4. Configure rate limits and expiration
  5. Copy and store your key securely

Security Note

API keys are shown only once. Store them securely and never commit them to version control.

Key Permissions

Core API Access

Access to personas, knowledge, queries, and authentication endpoints

Business API Access

Access to teams, analytics, A/B testing, and channel integrations

Authentication Methods

Bearer Token (Recommended)

Include your API key in the Authorization header with Bearer token format.

curl -X GET https://api.rodger.ai/personas \
  -H "Authorization: Bearer your-api-key-here" \
  -H "Content-Type: application/json"

SDK Authentication

When using the TypeScript SDK, authentication is handled automatically.

import { RodgerClient } from '@rodger-ai/sdk';

const client = new RodgerClient({
  apiKey: process.env.RODGER_API_KEY, // Your API key
  apiUrl: 'https://api.rodger.ai'     // Production endpoint
});

// All subsequent calls are automatically authenticated
const agents = await client.getPersonas();

Rate Limits & Quotas

Free Tier

  • 10,000 tokens/month
  • 100 requests/minute
  • Core API access only

Pro Plan

  • 100,000 tokens/month
  • 500 requests/minute
  • Full API access

Enterprise

  • 1,000,000+ tokens/month
  • Custom rate limits
  • Priority support

Authentication Errors

401

Unauthorized

Missing or invalid API key

{ "error": "Invalid API key", "code": "AUTH001" }

429

Rate Limited

Too many requests

{ "error": "Rate limit exceeded", "code": "RATE001" }

Security Best Practices

Store keys securely

Use environment variables, never hardcode in source

Rotate keys regularly

Set expiration dates and rotate before they expire

Use minimal scopes

Only grant access to APIs your application needs

Monitor usage

Set up alerts for unusual API usage patterns

Handle errors gracefully

Implement proper retry logic and user feedback

Use HTTPS only

Never send API keys over unencrypted connections
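
The practices above (HTTPS only, keys from the environment, retry logic) combined with the 401 and 429 responses from the Authentication Errors section, as an added example that is not part of the SDK or the original documentation. The function names, retry budget and delays, and the use of a standard Retry-After header are assumptions; the page does not say whether the API sends that header.

```javascript
// Added example (not Rodger SDK code). The Bearer header and the 401/429 error
// bodies come from the page; retry budget, delays and Retry-After are assumed.
const MAX_ATTEMPTS = 4;      // assumed retry budget
const BASE_DELAY_MS = 500;   // assumed backoff base
const MAX_DELAY_MS = 30000;  // assumed upper bound on any single wait

// Build request options; refuse to attach the key to a non-HTTPS URL.
function buildRequest(url, apiKey) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error('refusing to send API key over a non-HTTPS URL');
  }
  if (!apiKey) throw new Error('API key not set (expected in RODGER_API_KEY)');
  return {
    method: 'GET',
    headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
  };
}

// Map a response to 'ok', 'retry' (with a delay) or 'fail' (with a reason).
function decide(status, body, attempt, retryAfterSec) {
  const code = (body && body.code) || 'no code';
  if (status >= 200 && status < 300) return { action: 'ok' };
  // A rejected key will not start working on retry; surface it instead.
  if (status === 401) return { action: 'fail', reason: `auth rejected (${code})` };
  if (status === 429 && attempt < MAX_ATTEMPTS) {
    const backoff = BASE_DELAY_MS * 2 ** (attempt - 1);
    const hinted = Number.isFinite(retryAfterSec) ? retryAfterSec * 1000 : 0;
    return { action: 'retry', delayMs: Math.min(Math.max(backoff, hinted), MAX_DELAY_MS) };
  }
  return { action: 'fail', reason: `HTTP ${status} (${code})` };
}

// fetchImpl is injectable so the logic can be exercised without network access.
async function getWithRetry(url, apiKey, fetchImpl = fetch) {
  const options = buildRequest(url, apiKey);
  for (let attempt = 1; ; attempt++) {
    const res = await fetchImpl(url, options);
    const body = await res.json().catch(() => ({}));
    // Retry-After in seconds; an HTTP-date value parses to NaN and is ignored.
    const retryAfter = Number.parseFloat(res.headers.get('retry-after'));
    const d = decide(res.status, body, attempt, retryAfter);
    if (d.action === 'ok') return body;
    if (d.action === 'fail') throw new Error(d.reason); // message never holds the key
    await new Promise((resolve) => setTimeout(resolve, d.delayMs));
  }
}
```

Call it as getWithRetry('https://api.rodger.ai/personas', process.env.RODGER_API_KEY). A 401 fails immediately because retrying with a rejected key only adds failed-auth noise to the usage logs.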