Getting Started/Authentication

Authentication & Authorization

Learn how to securely authenticate your API requests using API Keys

Authentication Overview

Eureka Open Platform uses API Keys for authentication. All API requests must include a valid API Key to verify your identity and track usage. API Keys are tied to your account and currently support REST API and MCP Server integration methods.

Each API Key is unique and can be managed independently, allowing you to create separate keys for different environments (development, staging, production) or team members.

Note: UI Widgets and Agent Skills authentication methods are coming soon and will be announced when available.

Getting Your API Key

Follow these steps to create your first API Key:

1

Navigate to API Keys Page

Log in to your account and go to the Admin DashboardAPI Keys section

2

Create New Key

Click the Create New Key button and provide a descriptive name for your key

Example key names:

  • Production Main
  • Dev Environment
  • Testing - John's Workspace
3

Save Your Key Securely

Your API Key will be displayed only once. Copy it immediately and store it in a secure location

Important: The full API Key will not be shown again after creation. If you lose it, you'll need to create a new one.

API Key Format

All API Keys follow a standard format for easy identification:

sk-xxxxxxxxxxxxxxxxxxxx

Keys always start with the sk- prefix followed by a unique identifier

Using Your API Key

There are two ways to authenticate your requests with an API Key:

RECOMMENDED Authorization Header

Pass your API Key in the Authorization header using Bearer token format:

cURL
curl -X POST "https://connect.patsnap.com/search/patent/query-search-count" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
  "collapse_order": "LATEST",
  "collapse_by": "PBD",
  "collapse_type": "DOCDB",
  "query_text": "TACD: virtual reality"
}'

URL Parameter

Alternatively, pass your API Key as a URL query parameter (useful for MCP Servers):

cURL
curl -X POST "https://connect.patsnap.com/search/patent/query-search-count?apikey=YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
  "collapse_order": "LATEST",
  "collapse_by": "PBD",
  "collapse_type": "DOCDB",
  "query_text": "TACD: virtual reality"
}'

Note: URL parameters may be logged by proxies and servers. Use Authorization header for better security.

Security Best Practices

Never Expose Keys in Public

Do not commit API Keys to version control systems (GitHub, GitLab), share them in public forums, or include them in client-side code or browser applications

Use Environment Variables

Store API Keys in environment variables or secure secret management systems

export EUREKA_API_KEY="sk-xxxxxxxxxxxx"

Rotate Keys Regularly

Create new API Keys periodically and revoke old ones. If a key is compromised, delete it immediately from the admin dashboard

Use Separate Keys for Different Environments

Create dedicated API Keys for development, staging, and production environments to isolate usage and simplify key rotation

Server-Side Only

Always make API calls from your backend servers, never from client-side JavaScript, mobile apps, or browser extensions where keys can be extracted

Managing API Keys

You can manage your API Keys from the admin dashboard:

  • Create New Keys — Generate new API Keys with descriptive names for different purposes
  • View All Keys — See all your API Keys with creation dates and last usage information
  • Delete Keys — Permanently remove compromised or unused keys from your account

Next Steps

Now that you have your API Key, you're ready to make your first request. Continue to the First Request guide to send your first API call and start building with Eureka Open Platform.