The AI Search API uses Bearer token authentication. Every request must include an Authorization header with your API key:
Authorization: Bearer <API_KEY>
Requests that send or receive JSON should also set Content-Type: application/json.

Get an API key

Create and manage keys from your dashboard at aisearchapi.dev. New accounts start with 500 free credits — no card required.
1

Sign in to the dashboard

Go to aisearchapi.dev and sign in (or create an account).
2

Create a key

Open the API keys section and generate a new key. Copy it immediately — the full value is shown only once.
3

Store it as an environment variable

Keep the key in a server-side secret, for example AISEARCH_API_KEY. Never commit it to source control.

Authenticate a request

Send the key in the Authorization header on every call.
curl https://api.aisearchapi.dev/v1/search \
  -H "Authorization: Bearer $AISEARCH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "best crm for startups",
    "surfaces": ["chatgpt"]
  }'

Keep keys server-side

Your API key is a secret. Anyone who holds it can spend your credits. Never ship it in a browser, mobile app, or any other client you don’t control — bundled JavaScript, source maps, and network tabs are all readable by end users.Call the API only from your backend, a serverless function, or another trusted server-side environment, and proxy requests from your frontend through it.
If a key is ever exposed, revoke it in the dashboard and issue a new one.

Auth errors

Every error response uses the standard envelope:
{
  "error": {
    "code": "AUTH_INVALID",
    "message": "The provided API key is not valid.",
    "status": 401
  }
}
There are two authentication-specific errors, both returning 401:
AUTH_MISSING
401
No Authorization header, or the header is malformed (missing the Bearer prefix or the token).
AUTH_INVALID
401
The Authorization header is well-formed, but the key is wrong, revoked, or unknown.
If you see AUTH_MISSING with a key you believe is set, check that your HTTP client actually forwards the header — some tools strip Authorization on redirects, and empty environment variables silently produce Bearer with no token.

No auth required for health

The liveness endpoint is public and does not require a key:
curl https://api.aisearchapi.dev/v1/health
{ "status": "ok", "schemaVersion": "1.0" }
Every other endpoint requires a valid Bearer token.

Make your first request

Send a search and read the result, end to end.