Authentication

The Admin API uses simple HTTP Bearer authentication.

To utilize it, you’ll need to create an Admin Credential on the Customer Portal, and then use it in the Authorization header of your requests to https://api.shen.ai.

1 — Create an Admin Credential

1. Sign in to the Customer Portal: https://admin.shen.ai
2. Navigate to Settings → Admin Keys
3. Click “New Admin Credential”
4. Select scopes
   • Currently only tokens:generate is available.
   • More scopes will appear as new Admin API endpoints are released – follow the principle of least privilege.
5. Copy the generated string (format ska_xxxxxxxxxxxxxxxxxxxxxxxxx).
   • One-time reveal - treat it like any production secret.

2 — Use the credential in requests

All Admin API calls require the header:

Authorization: Bearer ska_xxxxxxxxxxxxxxxxxxxxxxxxx

Example with curl:

curl -X POST https://api.shen.ai/v1/token \
  -H "Authorization: Bearer $SHENAI_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"expires_in":3600,"single_device":true}'

If the header is missing or invalid you will get:

HTTP/1.1 401 Unauthorized
{ "error": "UNAUTHORIZED" }

3 — Rotating / revoking

• You can disable a credential in the same Admin Keys view.
• All short-lived tokens already issued with that credential remain valid until their individual expires_at.
• Keep TTLs short (seconds ↔ hours) to minimise exposure.

4 — Testing locally

For quick tests you can paste the Admin Credential directly into Postman, Hoppscotch, or a curl command. In staging/CI use a secret manager (env vars, GitHub Actions secrets, AWS SM, etc.).

You can also use the built-in Web UI on https://api.shen.ai to test endpoints interactively.

FAQ

Does an Admin Credential consume SDK usage? No. Only SDK measurements started with client-side tokens (or permanent SDK keys) count towards usage.

Can I have multiple credentials? Yes - one per micro-service, environment, or automated job is common.