Authentication - Starfort

Bearer token

Every Guard API request requires an Authorization: Bearer {api-key} header.

POST /v1/guard/{api-id}/analyze HTTP/1.1
Host: api.starfort.aim-intelligence.com
Authorization: Bearer sk_live_abc123...
Content-Type: application/json

Authentication failures

HTTP	Code	Cause
`401`	`UNAUTHORIZED`	Missing `Authorization` header or invalid key.
`403`	`API_INACTIVE`	Key is deactivated or revoked.
`404`	`API_NOT_FOUND`	The `{api-id}` in the URL doesn’t exist.

Key lifecycle

Keys are issued, rotated, and revoked by administrators in Citadel. Your client should:

Read the key from a secret store, never commit it to source control.
Retry on 401 only once — if it still fails, fetch a fresh key from your secret store.
Treat a 403 API_INACTIVE as terminal — stop sending requests until the key is rotated.

TODO — recommended rotation cadence and zero-downtime rotation pattern.

For developers

​Bearer token

​Authentication failures

​Key lifecycle

Bearer token

Authentication failures

Key lifecycle