Authentication
Authenticate API requests with workspace API keys using bearer tokens
Use API keys to authenticate server-to-server requests to the Andi API.
How authentication works
Create an API key from your workspace in the app:
- Open the workspace you want to access.
- Go to API Keys.
- Create a key and choose the permissions it should have.
- Copy the secret immediately. You will only see it once.
Each API key is scoped to the workspace where it was created. When you send the key, the API resolves that workspace from the key itself.
Send the key in the Authorization header
Use the key as a bearer token:
```
curl "https://andiapi.com/api/objects" \
  -H "Authorization: Bearer $ANDI_API_KEY"
```
For clients that cannot send bearer tokens, x-api-key: <key> is also accepted, but Authorization: Bearer <key> is the recommended format.
Store the key securely
Do not hardcode API keys in source files or commit them to git.
Store the key in a secure environment variable such as ANDI_API_KEY:
```
export ANDI_API_KEY="andi_live_..."
```
Then read it from your server runtime:
```
const apiKey = process.env.ANDI_API_KEY;
const response = await fetch("https://andiapi.com/api/objects", {
  headers: {
    Authorization: `Bearer ${apiKey}`,
  },
});
```
Permissions
When you create a key, you can scope what it is allowed to do.
Current permissions:
- objects.read: read object definitions and object data.
- objects.write: create, update, and delete object definitions or object data.
- workspaces.read: available when creating keys for workspace-level access.
If a key does not have the required objects permission, the API rejects the request.
Workspace behavior
API keys are already bound to one workspace, so you do not need to send a workspace header with bearer-token requests.
That makes them a good fit for backend services, workers, scripts, and integrations running outside the app.
Recommendations
- Use a different API key per environment or integration.
- Grant the smallest set of permissions needed.
- Rotate keys if they are exposed or no longer needed.
- Revoke keys from the workspace API Keys page when an integration is retired.
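The key-handling advice above as a server-side wrapper, added here as an example and not taken from Andi's own code: it fails closed when ANDI_API_KEY is unset, only attaches the key to requests for the https://andiapi.com origin used in the page's examples, and masks the key in error text. The helper names (loadApiKey, buildRequest, redact, andiGet) are hypothetical, and refusing redirects assumes the API does not rely on them.

```javascript
// Added example: hypothetical helpers, not part of any Andi SDK.
const ANDI_ORIGIN = "https://andiapi.com"; // origin from the page's examples

// Read the key from the environment; fail closed instead of sending "Bearer undefined".
function loadApiKey(env = process.env) {
  const key = (env.ANDI_API_KEY || "").trim();
  if (!key) throw new Error("ANDI_API_KEY is not set");
  return key;
}

// Resolve the path against the Andi origin and refuse anything that ends up
// elsewhere (absolute URLs, protocol-relative paths, plain http).
function buildRequest(path, apiKey) {
  const url = new URL(path, ANDI_ORIGIN);
  if (url.origin !== ANDI_ORIGIN) {
    throw new Error(`refusing to send API key to ${url.origin}`);
  }
  return {
    url: url.href,
    init: {
      headers: { Authorization: `Bearer ${apiKey}` },
      redirect: "error", // assumption: the API does not redirect; never follow one with the key
    },
  };
}

// Mask the key before text reaches logs or error trackers.
function redact(text, apiKey) {
  return String(text).split(apiKey).join("[REDACTED]");
}

// GET a path with the bearer token; a rejected request (for example a key
// without the required permission) raises an error that never contains the key.
async function andiGet(path, env = process.env, fetchImpl = fetch) {
  const apiKey = loadApiKey(env);
  const { url, init } = buildRequest(path, apiKey);
  const response = await fetchImpl(url, init);
  if (!response.ok) {
    const body = await response.text();
    throw new Error(redact(`Andi API rejected ${url}: HTTP ${response.status} ${body}`, apiKey));
  }
  return response.json();
}
```

Call it as `await andiGet("/api/objects")` from a backend service or worker; the fetchImpl parameter exists so the wrapper can be exercised without network access.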