Appearance

Authentication

The PaiTIENT Secure Model Service uses API keys for authentication. This document explains how to authenticate with the service across different interfaces.

API Keys

API keys are used to authenticate with the PaiTIENT Secure Model Service. Each client is issued a set of credentials:

  • Client ID: A unique identifier for your account
  • API Key: A secret token used for authentication

These credentials should be treated as sensitive information and should never be exposed publicly.

Environment Variables

The recommended way to provide authentication details is through environment variables:

bash
# Required environment variables
export PAITIENT_API_KEY="your-api-key"
export PAITIENT_CLIENT_ID="your-client-id"

# Optional environment variable
export PAITIENT_ENDPOINT="https://api.paitient.ai/v1"  # Defaults to this value if not specified

Authentication in SDK

Python SDK

python
from paitient_secure_model import Client

# Method 1: Using environment variables (recommended)
client = Client()

# Method 2: Explicit credentials
client = Client(
    api_key="your-api-key",
    client_id="your-client-id"
)

# Method 3: Using a credentials file
client = Client.from_credentials_file("/path/to/credentials.json")

JavaScript SDK

javascript
const { PaiTIENTClient } = require('paitient-secure-model');

// Method 1: Using environment variables (recommended)
const client = new PaiTIENTClient();

// Method 2: Explicit credentials
const client = new PaiTIENTClient({
  apiKey: 'your-api-key',
  clientId: 'your-client-id'
});

// Method 3: Using a credentials file
const client = PaiTIENTClient.fromCredentialsFile('/path/to/credentials.json');

Authentication in CLI

The CLI also uses the same environment variables for authentication:

bash
# Set environment variables first
export PAITIENT_API_KEY="your-api-key"
export PAITIENT_CLIENT_ID="your-client-id"

# Then run CLI commands
secure-model deploy model --name ZimaBlueAI/HuatuoGPT-o1-8B

Alternatively, you can use the login command:

bash
secure-model login
# Follow the interactive prompts

Authentication in REST API

When making direct REST API calls, include the API key in the Authorization header:

http
GET /deployments HTTP/1.1
Host: api.paitient.ai
Authorization: Bearer your-api-key
X-Client-ID: your-client-id

Credential Security

Follow these best practices to keep your credentials secure:

  1. Never hardcode API keys in your source code
  2. Don't commit API keys to version control
  3. Use environment variables or secure credential stores
  4. Rotate API keys regularly
  5. Use separate API keys for development and production

API Key Permissions

Different API keys can have different permission levels:

  • Read-only: Can only read data, not make changes
  • Write: Can create, update, and delete resources
  • Admin: Full access to all resources

You can request keys with specific permissions through your account dashboard.

Multi-Factor Authentication (MFA)

For additional security, enable Multi-Factor Authentication for your account. When MFA is enabled, API key generation and management requires MFA verification.

Token Expiration

By default, API keys do not expire. You can set an expiration time when generating a new API key for enhanced security.

IP Restrictions

For additional security, you can restrict API key usage to specific IP addresses or ranges through your account dashboard.

Next Steps

Released under the MIT License.

Copyright © 2023 PaiTIENT.ai