
API Key Authentication

Penelope uses API key authentication for secure access to the API. Each request must include your API key in the x-api-key header.

Obtaining Your API Key

Contact the Penelope team to receive your unique API key. Your key will be securely stored and validated.

Making Authenticated Requests

Include your API key in the x-api-key header for all API requests:
Example Request:
curl -X GET https://api.penelope.health/plans \
  -H "x-api-key: your_api_key_here"
Example with Query Parameters:
curl -X GET "https://api.penelope.health/search-policies?query=diabetes&limit=10" \
  -H "x-api-key: your_api_key_here"

Error Responses

403 Forbidden - Missing x-api-key header:
{
  "detail": "Not authenticated"
}
401 Unauthorized - Invalid API key:
{
  "detail": "Invalid API key"
}

Security Best Practices

  • Never expose your API key in client-side code, public repositories, or logs
  • Store API keys as environment variables or in secure configuration management systems
  • HTTPS required: All requests must use HTTPS in production
  • Contact the Penelope team immediately if your API key is compromised
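
A small Python client applying the practices above, added here as an example and not taken from Penelope's own documentation or SDK: it reads the key from an environment variable, refuses non-HTTPS base URLs, and tells the two documented error responses apart. The variable name PENELOPE_API_KEY and the function and class names are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.penelope.health"  # host from the curl examples on this page
KEY_ENV_VAR = "PENELOPE_API_KEY"          # assumed name; the page does not define one


class PenelopeAuthError(Exception):
    """Raised for a missing key or the two documented authentication failures."""


def build_request(path, params=None, base_url=BASE_URL, env=os.environ):
    """Build a GET request carrying x-api-key, refusing non-HTTPS URLs."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise PenelopeAuthError(f"{KEY_ENV_VAR} is not set")
    url = base_url.rstrip("/") + path
    if params:
        url += "?" + urllib.parse.urlencode(params)
    # urllib stores the name as "X-api-key"; HTTP header names are case-insensitive.
    return urllib.request.Request(url, headers={"x-api-key": key}, method="GET")


def explain_auth_error(status, body):
    """Map the documented 403/401 bodies to an actionable message, else None."""
    try:
        detail = json.loads(body).get("detail")
    except (ValueError, AttributeError):
        detail = None
    if status == 403 and detail == "Not authenticated":
        return "x-api-key header missing from the request"
    if status == 401 and detail == "Invalid API key":
        return "API key rejected: check the stored value or request a new key"
    return None


def get_json(path, params=None):
    """Perform the call; the key never appears in any raised message."""
    request = build_request(path, params)
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            return json.load(response)
    except urllib.error.HTTPError as err:
        reason = explain_auth_error(err.code, err.read().decode("utf-8", "replace"))
        if reason:
            raise PenelopeAuthError(reason) from None
        raise
```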