Authentication
Every request carries a single header — your API key. There are no unauthenticated endpoints, and no OAuth dance to run.
The API key header
Send your key on every request as X-API-Key:
X-API-Key: at_live_xxxxxxxxxxxxxxxxxxxxxxxx Keys are issued by Antero Trail — there is no self-serve key-creation endpoint. Request access and we'll issue you a key.
Test and live keys
You get two keys. A at_test_ key runs the
identical pipeline as a live key — same parsing, same ESX
output — but its jobs are flagged environment: "test" and
excluded from usage and invoice reporting. Build and integrate against the
test key; switch the prefix to go live.
| Prefix | Environment | Billed |
|---|---|---|
at_test_ | Test — identical pipeline | No |
at_live_ | Live | Yes |
Treat both keys like passwords. Never ship one in client-side code or a public repo — every call runs server-to-server. If a key leaks, tell us and we'll revoke and reissue it.
Auth failures
A missing or bad key is rejected before any work happens, with a
401 and a machine-readable error.code:
| Situation | Status | error.code |
|---|---|---|
X-API-Key header missing | 401 | missing_api_key |
| Key unknown, revoked, or partner suspended | 401 | invalid_api_key |
Every error body — auth or otherwise — follows one shape, so you can handle them uniformly. See Errors & limits for the full envelope and code list.