Authentication

Authentication

Otonix supports two auth modes.

  • Web app sessions: SIWE with Privy embedded wallets.

  • API access: Otonix API keys via X-API-Key.

Privy wallets (web app)

  • Each user gets an embedded EVM wallet.

  • The app uses SIWE for wallet-based sessions.

  • Use this when a human is driving the UI.

Otonix API keys (server-to-server)

API keys are used by agents and infrastructure.

Key format

  • Prefix: otonix_

  • Body: 48 hex characters (random)

  • Example header:

X-API-Key: otonix_a1b2c3d4e5f6...

Generate API key

POST /api/keys/generate

triangle-exclamation

List API keys

GET /api/keys

Revoke API key

Revocation deactivates all agents linked to the key.

DELETE /api/keys/:id

Common auth errors

  • 401 if X-API-Key is missing or invalid.

  • 403 if the key is valid but not authorized for the resource.

Last updated