Authentication

All Senso API calls are secured with organisation-scoped API keys.
Send the key in the X-API-Key header on every request. 
X-API-Key: tgr_live_a1b2c3d4e5...
No OAuth flows, no token refresh—just the one header.

1. Getting an API key

Keys are generated internally and emailed to authorised contacts.
If you don’t have one yet, email [email protected] with: • Your organisation name
• A short description of your intended use Keys are environment-specific:
tgr_test_… for testing, tgr_live_… for production.

2. Using the key

Add the header to every request: 
curl -H "X-API-Key: tgr_live_abc123..." \
     https://sdk.senso.ai/api/v1/categories
JavaScript example: 
await fetch("https://sdk.senso.ai/api/v1/search", {
  method: "POST",
  headers: {
    "X-API-Key": process.env.SENSO_API_KEY,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({ query: "How do I refinance my mortgage?" })
});

3. Security tips

• Store keys in environment variables or a secret manager
• Never embed keys in browser or mobile apps
• Use separate keys for test and production
• Delete keys you no longer need

4. Troubleshooting

401 Unauthorized

{ "error": "Authentication required" }
The key is missing or malformed—check the header name and value.

403 Forbidden

{ "error": "Insufficient permissions" }
Your key exists but isn’t allowed to perform that action.
Contact [email protected] and include the full error response so we can adjust the permissions. You’re now ready to make authenticated requests—happy building!