Authentication

All API requests require authentication using an API key. This guide explains how to get your key and use it securely.

Getting Your API Key

  1. Sign in to app.fig1.ai
  2. Navigate to Settings > API Keys
  3. Click Create API Key
  4. Copy your key—it won't be shown again

Using Your API Key

Include your API key in the X-Fig1-API-Key header with every request:

POST /api/sdk/agent/chat HTTP/1.1
Host: app.fig1.ai
Content-Type: application/json
X-Fig1-API-Key: fig1_sdk_your_api_key

{
  "message": "Hello!"
}

TypeScript Example

const response = await fetch('https://app.fig1.ai/api/sdk/agent/chat', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Fig1-API-Key': process.env.FIG1_API_KEY!
  },
  body: JSON.stringify({ message: 'Hello!' })
});

cURL Example

curl -X POST https://app.fig1.ai/api/sdk/agent/chat \
  -H "Content-Type: application/json" \
  -H "X-Fig1-API-Key: fig1_sdk_your_api_key" \
  -d '{"message": "Hello!"}'

API Key Format

API keys use the format fig1_sdk_ followed by a unique identifier. Each key is tied to a specific site in your account.

Security Best Practices

Never Expose Keys in Client-Side Code

// ❌ BAD - API key exposed in browser
const response = await fetch('/api/chat', {
  headers: { 'X-Fig1-API-Key': 'fig1_sdk_xxx' }
});

// ✅ GOOD - Proxy through your backend
const response = await fetch('/api/my-backend/chat', {
  method: 'POST',
  body: JSON.stringify({ message })
});

Use Environment Variables

# .env.local
FIG1_API_KEY=fig1_sdk_your_api_key

// Access in server-side code only
const apiKey = process.env.FIG1_API_KEY;

Create a Backend Proxy

For web applications, always proxy API requests through your backend:

// app/api/chat/route.ts (Next.js)
export async function POST(request: Request) {
  const body = await request.json();

  // The key is read from the server environment and never reaches the browser
  const response = await fetch('https://app.fig1.ai/api/sdk/agent/chat', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-Fig1-API-Key': process.env.FIG1_API_KEY!
    },
    body: JSON.stringify(body)
  });

  // Pass the upstream status through so 401 and 429 are not reported as 200
  return Response.json(await response.json(), { status: response.status });
}
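
A hardened variant of the proxy above, as an added example that is not Fig1's own code: it forwards only the documented message field, fails closed when the server key is missing, and passes upstream statuses such as 429 through. The names sanitizeChatBody and proxyChat, the 4000-character cap and the 401-to-502 mapping are assumptions.

```typescript
// Added example (not Fig1 code). Names and limits below are assumptions.
const UPSTREAM = 'https://app.fig1.ai/api/sdk/agent/chat';
const MAX_MESSAGE_CHARS = 4000; // assumed cap; pick one that fits your app

type Upstream = { status: number; json(): Promise<unknown> };
type FetchLike = (
  url: string,
  init: { method: string; headers: Record<string, string>; body: string }
) => Promise<Upstream>;
type ProxyResult = { status: number; body: unknown };

// Allowlist: forward only the documented "message" field, never raw client JSON.
function sanitizeChatBody(raw: unknown): { message: string } | null {
  if (typeof raw !== 'object' || raw === null) return null;
  const message = (raw as Record<string, unknown>).message;
  if (typeof message !== 'string') return null;
  const trimmed = message.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_MESSAGE_CHARS) return null;
  return { message: trimmed };
}

// Proxy core. fetchImpl is injected so the logic runs without network access.
async function proxyChat(
  raw: unknown,
  apiKey: string | undefined,
  fetchImpl: FetchLike
): Promise<ProxyResult> {
  // Fail closed on a missing or malformed key instead of calling upstream.
  if (!apiKey || !apiKey.startsWith('fig1_sdk_')) {
    return { status: 500, body: { success: false, error: 'Server misconfigured' } };
  }
  const clean = sanitizeChatBody(raw);
  if (!clean) return { status: 400, body: { success: false, error: 'Invalid request' } };
  const upstream = await fetchImpl(UPSTREAM, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'X-Fig1-API-Key': apiKey },
    body: JSON.stringify(clean),
  });
  // A 401 here means the server's key is bad; don't relay that detail to browsers.
  if (upstream.status === 401) {
    return { status: 502, body: { success: false, error: 'Upstream error' } };
  }
  // Propagate other statuses (e.g. 429) so the caller can back off.
  return { status: upstream.status, body: await upstream.json() };
}

// Wiring in app/api/chat/route.ts:
//   const r = await proxyChat(await request.json().catch(() => null), process.env.FIG1_API_KEY, fetch);
//   return Response.json(r.body, { status: r.status });
```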

Rate Limits

Rate limits vary based on your subscription plan. Check your dashboard for your current limits.

When you exceed your rate limit, the API returns a 429 status code.

Error Responses

Invalid API Key (401)

{
  "success": false,
  "error": "Invalid API key"
}

Missing API Key (401)

{
  "success": false,
  "error": "API key required"
}

Rate Limit Exceeded (429)

{
  "success": false,
  "error": "Rate limit exceeded. Try again in 30 seconds."
}

Rotating Keys

To rotate your API key:

  1. Create a new key in the dashboard
  2. Update your application with the new key
  3. Test that everything works
  4. Delete the old key

This ensures zero downtime during rotation.