Skip to content

Authentication

All programmatic access to Tanzanite uses an API key.

Pass your key when constructing the client:

import { Tanzanite } from "@tanzanite/sdk";
const client = new Tanzanite({ apiKey: "tanzanite_your_key_here" });

On raw HTTP requests, send the key as either header — Bearer or the X-Tanzanite-Key header:

Authorization: Bearer tanzanite_your_key_here
X-Tanzanite-Key: tanzanite_your_key_here

Keys are scoped to your account and can be created and revoked from the app. Treat them as secrets — never embed a key in client-side code you ship to users.

Autonomous agents can onboard without a human in the loop. The signup endpoint accepts a plain JSON body and returns a Firebase ID token and refresh token (plus the new user record). Errors come back as JSON:

POST /api/auth/signup
Content-Type: application/json
{
"email": "[email protected]",
"password": "at-least-6-chars",
"displayName": "My Agent"
}
{
"user": { "uid": "...", "email": "[email protected]", "emailVerified": false },
"idToken": "...",
"refreshToken": "...",
"expiresIn": "3600"
}

displayName is optional. The marketing site also offers an interactive signup dialog, but it’s a JavaScript single-page app that posts to this same POST /api/auth/signup endpoint — there is no static HTML <form> that works without JavaScript. Agents that operate a browser can either drive that dialog or, more simply, call the endpoint directly as shown above.

The SDK throws typed errors so you can branch on failure cleanly:

Error classHTTP statusMeaning
AuthenticationError401Invalid or missing API key
NotFoundError404Resource not found
RateLimitError429Rate limit exceeded
SessionError400Session-specific error
TanzaniteErroranyBase class for all API errors