Overview
Bijou uses API keys to authenticate requests. API keys are tied to your user account and allow programmatic access to the detection API.
API keys are charged per detection. Make sure you have credits in your account before making API calls.
Generate an API Key
- Sign in to Bijou
- Go to Profile
- Under API Keys, click Generate
- Copy the key immediately - you won’t be able to see it again
Treat your API key like a password. Never commit it to version control or share it publicly.
Using Your API Key
Include your API key in the X-Api-Key header:
from bijou import BijouClient
client = BijouClient(api_key="bijou_your-key-here")
bijou_<32-character-random-token>
bijou_abc123def456ghi789jkl012mno345pqr
Authentication Flow
┌─────────────────────────────────────────────────┐
│ Your Request │
│ X-Api-Key: bijou_abc123... │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ Bijou API │
│ 1. Hash the API key (HMAC-SHA256) │
│ 2. Look up user by key hash │
│ 3. Verify key is active │
│ 4. Check user has sufficient credits │
│ 5. Process request and deduct credits │
└─────────────────────────────────────────────────┘
Endpoints by Auth Type
| Endpoint | Auth Method | Credits |
|---|
/api/detect | API Key (X-Api-Key) | 1 credit per detection |
/api/detector/upload | API Key (X-Api-Key) | Free (only detection costs) |
/detect | Cognito (web app) | Free quota (5/day) |
Managing API Keys
List Keys
View all your active API keys in the Profile section of the web app.
Revoke a Key
If a key is compromised:
- Go to Profile > API Keys
- Click Revoke next to the compromised key
- Generate a new key and update your applications
Revoking a key is immediate and cannot be undone. Any requests using the revoked key will return 401 Unauthorized.
Error Responses
| Status | Error | Description |
|---|
401 | Unauthorized | Invalid or missing API key |
402 | Payment Required | Insufficient credits |
429 | Too Many Requests | Rate limit exceeded |
