Authentication
How to authenticate with the Chamelaion API using Bearer tokens or API key headers.
Every request to the Chamelaion API (except /health) requires authentication. Chamelaion supports two authentication methods — both use the same API token from your dashboard.
Getting your API key
Section titled “Getting your API key”- Log in to the Chamelaion Dashboard
- Navigate to Settings → API Keys
- Click Create new key
- Give your key a descriptive name (e.g., “Production Server” or “Dev Testing”)
- Copy the key immediately — it won’t be shown again
Method 1: Bearer token (recommended)
Section titled “Method 1: Bearer token (recommended)”Pass your API token in the Authorization header with the Bearer prefix:
curl https://api.chamelaion.com/api/v1/users/me \ -H "Authorization: Bearer YOUR_API_KEY"import requests
response = requests.get( "https://api.chamelaion.com/api/v1/users/me", headers={"Authorization": "Bearer YOUR_API_KEY"},)print(response.json())# {"name": "My API Token"}const response = await fetch("https://api.chamelaion.com/api/v1/users/me", { headers: { Authorization: "Bearer YOUR_API_KEY" },});const data = await response.json();console.log(data);// { name: "My API Token" }Method 2: API key header
Section titled “Method 2: API key header”Alternatively, pass your token in the x-api-key header:
curl https://api.chamelaion.com/api/v1/users/me \ -H "x-api-key: YOUR_API_KEY"import requests
response = requests.get( "https://api.chamelaion.com/api/v1/users/me", headers={"x-api-key": "YOUR_API_KEY"},)print(response.json())This method is useful when integrating with tools or platforms that have dedicated API key fields but don’t support custom Authorization header formats.
Verifying your token
Section titled “Verifying your token”Use the /v1/users/me endpoint to verify that your token is valid and see the identity associated with it:
curl https://api.chamelaion.com/api/v1/users/me \ -H "Authorization: Bearer YOUR_API_KEY"A successful response returns:
{ "name": "My API Token"}If your token is invalid or missing, you’ll receive a 401 Unauthorized response:
{ "error": "invalid token"}Using environment variables
Section titled “Using environment variables”We recommend storing your API key in an environment variable:
Bash / Zsh
Section titled “Bash / Zsh”export CHAMELAION_API_KEY="your-api-key-here"
curl https://api.chamelaion.com/api/v1/users/me \ -H "Authorization: Bearer $CHAMELAION_API_KEY"Python
Section titled “Python”import osimport requests
api_key = os.environ["CHAMELAION_API_KEY"]
response = requests.get( "https://api.chamelaion.com/api/v1/users/me", headers={"Authorization": f"Bearer {api_key}"},)TypeScript / Node.js
Section titled “TypeScript / Node.js”const apiKey = process.env.CHAMELAION_API_KEY!;
const response = await fetch("https://api.chamelaion.com/api/v1/users/me", { headers: { Authorization: `Bearer ${apiKey}` },});Common authentication errors
Section titled “Common authentication errors”| HTTP Status | Error Message | Cause |
|---|---|---|
| 401 | missing authorization header | No Authorization or x-api-key header sent |
| 401 | invalid authorization format | Authorization header is malformed |
| 401 | missing token | Header is present but the token value is empty |
| 401 | invalid token | The token doesn’t match any active API key |
| 401 | unauthorized | Generic authentication failure |