Skip to main content

API key authentication

Every Amps API request carries an API key in the x-api-key header. The key identifies the customer account and routes the request to the correct environment schema.

Getting your API keys

You will need to request Sandbox access before completing these steps. Get sandbox access to continue.
1

Log into Dashboard

Access the Amps AI Dashboard with your customer account
2

Navigate to API Keys

Go to the API Keys section in your account settings
3

Generate Keys

Create separate API keys for sandbox and/or live environments
Keep your API keys secure. Never commit them to version control or expose them in client-side code.

Using API keys

Include your API key in the x-api-key header for all requests: 
x-api-key: your-api-key-here

Example request

curl
curl -X GET "https://api.amps.ai/battery/{deviceId}" \
  -H "x-api-key: sk_live_xxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Environment-specific keys

API keys are environment-specific. The prefix selects the environment; the host is always https://api.amps.ai:
  • Sandbox Keys (sk_test_...): route to sandbox simulations
  • Live Keys (sk_live_...): route to real OEM hardware
The environment is stamped into the key at issuance and cannot be overridden per request. A sandbox key never reaches live data, and a live key never reaches sandbox data.
Always use sandbox keys during development and testing. Only switch to live keys when you’re ready for production.

Environments Guide

Learn more about Sandbox and Live environments, including URL structure and when to use each

API key format

API keys follow this format: 
sk_{environment}_{random_string}
The {environment} segment is test for sandbox keys and live for live keys. Examples:
  • sk_test_xxxxxxxxxxxxxxxxxxxxxxxx
  • sk_live_xxxxxxxxxxxxxxxxxxxxxxxx

Base URL

Both environments share one base URL: 
https://api.amps.ai
The key you send, not the URL, selects sandbox or live.

Error responses

Invalid API key

401
object
Invalid or missing API key
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  },
  "meta": {
    "requestId": "req_abc123",
    "timestamp": "2026-06-01T10:30:00.000Z",
    "path": "/battery/device_abc123",
    "latencyMs": 8
  }
}

Expired API key

401
object
API key has been revoked or expired
{
  "success": false,
  "error": {
    "code": "EXPIRED_TOKEN",
    "message": "API key has expired"
  },
  "meta": {
    "requestId": "req_abc123",
    "timestamp": "2026-06-01T10:30:00.000Z",
    "path": "/battery/device_abc123",
    "latencyMs": 8
  }
}

Best practices

Regularly rotate your API keys for security. Generate new keys and update your applications before revoking old ones.
Use descriptive names for your API keys (e.g., “Production App”, “Staging Environment”) to track usage.
Never use live API keys in development or testing environments. Always use sandbox keys for non-production use.
Store API keys securely:
  • Use environment variables
  • Never hardcode in source code
  • Use secret management services
  • Restrict access to keys

Revoking API keys

You can revoke API keys at any time from the dashboard:
  1. Navigate to API Keys section
  2. Find the key you want to revoke
  3. Click “Revoke”
  4. The key will immediately stop working
Revoking an API key will immediately break all applications using that key. Make sure you have replacement keys ready.

Rate limits

API keys are subject to rate limits based on your plan:
  • Sandbox: More lenient limits for testing
  • Live: Production limits based on your subscription
Rate limit headers are included in responses: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200

Next steps

Environments Guide

Learn about Sandbox and Live environments

Link UI

Learn about device authentication

API Reference

Explore API endpoints