Authentication

To use the LLMInspect API, proper authentication is required. Your API access can be authenticated in two different ways, as explained in the diagram below:

Figure: LLMInspect API Auth

1. Using Your Own Subscription Key

You can use your own subscription key issued by public model providers (e.g., OpenAI, Gemini, etc.). Include the key in the HTTP request headers using the following format:

Authorization: Bearer {MODEL_KEY}

Obtaining an OpenAI API Key

To obtain an OpenAI API key, visit the OpenAI API Keys page. The OpenAI API key typically has the following format:

sk-***********************

Obtaining a Gemini API Key

To obtain a Gemini API key, visit the Gemini API documentation. The Gemini API key usually has the following format:

AIzaSy************************

Local LLM Key

For accessing a local LLM like InspectGPT, you may need a specific key depending on your deployment configuration. Please contact your system administrator for details on obtaining your local LLM key and its format.

2. Using LLMInspect API Token

Alternatively, you can use an API token issued by the LLMInspect authentication service to access both public and private model providers. Include the token in the HTTP request headers using the following format:

Authorization: Bearer {ID_TOKEN}

Using the LLMInspect API token allows for secure interaction with the API across various models without needing individual keys from each provider.

For Admin: Obtaining LLMInspect API Token

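Admins can generate LLMInspect API tokens and provide them to employees so that they have seamless access to the API across all models.

Use the following curl command to request a token, and replace the placeholder values with your organization's credentials. Because the client secret and password are passed as command-line arguments, run the command from a trusted host and keep it out of shared shell history: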

curl -X POST "https://your_domain/realms/InspectChat/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=your_client_id" \
-d "client_secret=your_client_secret" \
-d "username=your_username" \
-d "password=your_password" \
-d "grant_type=password"

On success, the server returns a JSON response containing an access_token, along with other important fields:

{
  "access_token": "x.x.x",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "x.x.x",
  "token_type": "Bearer",
  "scope": "profile email"
}

Explanation of Key Fields

  • access_token: The main token used for authenticating API requests.
  • expires_in: The duration (in seconds) until the access_token expires. In this example, the token is valid for 300 seconds (5 minutes).
  • refresh_expires_in: The duration (in seconds) until the refresh_token expires, allowing token renewal without reauthentication.
  • refresh_token: Used to renew the access_token, avoiding the need for a full reauthentication.
  • token_type: Indicates the type of token, generally Bearer.
  • scope: Lists the authorized scopes for this token, such as profile and email access.

Note for Admins: The refresh_token can be used to renew the access_token before expiration.
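
The following is an added example, not code from LLMInspect: a small Python token manager that uses expires_in and refresh_expires_in from the response above to decide whether to reuse the access_token, renew it with the refresh_token, or require a full login. It assumes the token endpoint accepts the standard OAuth 2.0 refresh grant (grant_type=refresh_token) and returns the same fields as shown above; `TokenManager`, `post`, and `SKEW` are hypothetical names, and `post` stands for whatever function sends the form body to the token URL and returns the parsed JSON.

```python
import time
import urllib.parse

SKEW = 30  # assumed safety margin (seconds) before a token's stated expiry

class TokenManager:
    """Tracks both lifetimes returned by the token endpoint (added example)."""

    def __init__(self, post, client_id, client_secret, clock=time.monotonic):
        self.post = post  # hypothetical transport: form body (str) -> parsed JSON (dict)
        self.client_id, self.client_secret = client_id, client_secret
        self.clock, self.tok = clock, None

    def _form(self, **fields):
        fields.update(client_id=self.client_id, client_secret=self.client_secret)
        return urllib.parse.urlencode(fields)

    def _store(self, resp):
        if resp.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        now = self.clock()
        self.tok = {
            "access": resp["access_token"],
            "refresh": resp["refresh_token"],
            "access_exp": now + resp["expires_in"],
            "refresh_exp": now + resp["refresh_expires_in"],
        }

    def login(self, username, password):
        self._store(self.post(self._form(
            grant_type="password", username=username, password=password)))

    def next_action(self):
        now = self.clock()
        if self.tok is None or now >= self.tok["refresh_exp"] - SKEW:
            return "login"    # refresh_token unusable: full reauthentication
        if now >= self.tok["access_exp"] - SKEW:
            return "refresh"  # access_token (nearly) expired, refresh_token still valid
        return "reuse"

    def authorization_header(self):
        action = self.next_action()
        if action == "login":
            raise RuntimeError("refresh token expired; call login() again")
        if action == "refresh":
            # Standard OAuth 2.0 refresh grant (assumed to be accepted by this endpoint).
            self._store(self.post(self._form(
                grant_type="refresh_token", refresh_token=self.tok["refresh"])))
        return {"Authorization": "Bearer " + self.tok["access"]}
```

With the 300-second access token from the sample response, the manager switches to the refresh grant from second 270 onward and demands a new login once the 1800-second refresh window is within 30 seconds of closing.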