Authentication
Learn how to authenticate requests to the Omniagent API
API keys
The Omniagent API uses API keys to authenticate requests. Every API key is scoped to an organization and a project. All resources — companions, tools, knowledge collections, and FAQ collections — live under a specific project.
All API requests must include the key in the X-Api-Key header:
X-Api-Key: <your-api-key>If the key is missing, expired, or invalid, the server responds with 401 Unauthorized.
Your API key is a secret. Keep it private and only use it on the server side — never expose it in client-side code.
Getting an API key
For a step-by-step walkthrough with screenshots, see the Create a New API Key guide.
In short: open the dashboard, navigate to Keys, and click + Create API key. You'll choose a provider and a deployment type (Napster managed or your own custom deployment).
Using your API key
Include your key in the X-Api-Key header on every request:
curl https://companion-api.napster.com/public/companions/napster-stock \
-H "X-Api-Key: $NAPSTER_API_KEY"The same key works for all Omniagent API endpoints — managing companions, uploading knowledge, configuring tools, and everything else.