Authentication - AI Gen Studio

Private API endpoints require an API key in the Authorization header.

Authorization: Bearer aigen_live_xxxxxxxxx

API keys are meant for backend services only. Do not expose them in browser code, mobile apps, public repositories, logs, or analytics tools.

Key prefixes

Prefix	Environment
`aigen_test_`	Sandbox
`aigen_live_`	Live

The environment is part of the key. Sandbox and live resources are isolated.

Required headers

Create requests should include:

Authorization: Bearer aigen_live_xxxxxxxxx
Content-Type: application/json
Idempotency-Key: catalog-import-2026-06-22-001

You may also send X-Request-Id for log correlation:

X-Request-Id: client-request-123

AI Gen Studio returns a request_id in API responses. Use it when investigating failures with support or correlating API responses, logs, and webhook events.

Key handling

Store API keys in a secret manager or encrypted environment variable.
Give each integration environment its own key.
Rotate keys when a deployment, vendor, or team access changes.
Revoke or delete keys that should no longer authenticate.
Never ask merchants or frontend clients to call the API directly with your key.

Authentication errors

HTTP status	Error code	Meaning
`401`	`invalid_api_key`	The key is missing, malformed, revoked, deleted, or unknown.
`401`	`api_key_expired`	The key expiration date has passed.
`401`	`api_key_inactive`	The key was deactivated from the dashboard.
`403`	`api_access_not_enabled`	The account is not eligible for live API processing.

Rotate to a valid key before retrying authentication failures. Do not retry invalid keys in a tight loop.

​Key prefixes

​Required headers

​Key handling

​Authentication errors

Key prefixes

Required headers

Key handling

Authentication errors