Skip to main content

Authorize

Authorize before securely making API requests


After creating your access credentials, you are ready to make API calls. Most of our API clients require setting up authentication during initialization; though, it can be changed for particular requests, if needed.

If you are using a REST API, you will need to add the Authorization header as illustrated in the cURL example below.

Authorization Keys

The key used for authorization can either be:

IMPORTANT NOTE
  • PAT is the primary authentication mechanism we use.

Using a PAT is more powerful than an API Key. A PAT represents you when accessing the Clarifai API. It allows you to access multiple applications with a single key.

With a PAT, you can access your own apps as well as any other apps you have permissions to use, such as public apps, apps you're added as a collaborator, or apps belonging to your organization's team. Also, certain endpoints support only PATs, such as creating a new application or a new API Key.

When using a PAT to call the API, you need to specify your user ID alongside the application ID to which the request should be applied.

On the other hand, an API Key restricts your access only to a single app. So, it could be suitable for accessing resources that are specifically locked down to a single app.

When using an app-specific API Key, you do not need to specify either the user ID or the application ID as they are already part of the API Key.

tip

Clarifai provides various clients you can use to access the API in your favorite programming language. Learn how to install your preferred client here.

Authorization Examples

###############################################################################################
# Initialize the gRPC-based client to communicate with the Clarifai platform.
###############################################################################################

# Import the Clarifai gRPC-based objects needed
from clarifai_grpc.channel.clarifai_channel import ClarifaiChannel
from clarifai_grpc.grpc.api import resources_pb2, service_pb2, service_pb2_grpc
from clarifai_grpc.grpc.api.status import status_pb2, status_code_pb2

# Construct the communications channel
channel = ClarifaiChannel.get_grpc_channel()
# Construct the V2Stub object for accessing all the Clarifai API functionality
stub = service_pb2_grpc.V2Stub(channel)

##############################################################################################
# This is where you set up the metadata object that's used to authenticate.
# This authorization will be used by every Clarifai API call.
# Change the following authorization key to your own credentials
# Example: metadata = (('authorization', 'Key ' + 'a123457612345678'),)
##############################################################################################

metadata = (('authorization', 'Key ' + 'YOUR_CLARIFAI_PAT_HERE'),)
# Or, if you were to use an API Key:
# metadata = (('authorization', 'Key ' + 'YOUR_CLARIFAI_API_KEY_HERE'),)
# Yes, the word 'Key' appears in addition to the alphanumeric PAT or API Key

##############################################################################################
# A UserAppIDSet object is needed when using a PAT. It contains two pieces of information:
# user_id (your user id) and app_id (app id that contains the model of interest).
# Both of them are specified as string values.
##############################################################################################

userDataObject = resources_pb2.UserAppIDSet(user_id='YOUR_USER_ID_HERE', app_id='YOUR_APPLICATION_ID_HERE')
caution
  • If your PAT or API Key does not have the required scope(s) to execute a given request, you will get an error message reporting the missing scopes and/or endpoints that are needed to execute the request.
  • An invalid PAT or API Key may be reported as 'API key not found'.
  • Failure to include the required PAT or API Key may result in 'Invalid request'.

CORS Policy

Our APIs adhere to industry standards for Cross-Origin Resource Sharing (CORS) to ensure security and proper access control. The Access-Control-Allow-Origin header is limited to a predefined list of allowed origins.

This means that only requests originating from allowed origins will receive a successful CORS response. If your Javascript application(s) encounter a CORS error while calling our APIs, it is likely that the origin is not on the allowed list.

To avoid such issues, we recommend following established patterns such as using a backend server to proxy API requests or ensuring your application is hosted on an approved origin.

For more information about CORS and best practices, you can refer to this resource.

If you need additional support or would like to request for your custom domain, please reach out to support@clarifai.com for assistance.