Authentication
Auth patterns and security
Bearer Token Authentication
PLP uses Bearer token authentication. Pass your API key in the Authorization header:
```http
Authorization: Bearer your-api-key
```
SDK Usage
```javascript
const client = new PLPClient("https://api.example.com/v1", {
  apiKey: "your-api-key"
})
```
Both SDKs automatically add the `Authorization: Bearer` header to all requests. Custom headers are also supported for additional auth schemes.
Optional Authentication
Authentication is optional per the spec. Servers may allow unauthenticated read access to public prompts while requiring auth for writes. The server decides its auth policy.
Best Practices
- Store API keys in environment variables, never in code
- Use different keys for development and production
- Always use HTTPS in production
- Return `401` for missing/invalid auth, `403` for insufficient permissions
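
The following is an added example, not code from PLP or its SDKs: a server-side sketch of the policy described under Optional Authentication together with the 401/403 rule above. The key values, the `read`/`write` scopes, the `publicReads` flag and all function names are assumptions made for illustration, as is the choice to reject an invalid key even on a public read.

```javascript
// Added example. Keys, scopes and function names are constructed for
// illustration; a real server would load keys from its environment or a store.
const KEYS = [
  { key: "constructed-dev-key-0001", scopes: ["read"] },
  { key: "constructed-prod-key-0002", scopes: ["read", "write"] },
];
const READ_METHODS = new Set(["GET", "HEAD"]);

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Extract the token from "Authorization: Bearer <token>"; null if malformed.
function parseBearer(header) {
  const m = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header || "");
  return m ? m[1] : null;
}

const deny401 = () => ({ status: 401, headers: { "WWW-Authenticate": "Bearer" } });

// Decide the response status for one request under the server's policy.
function authorize(method, authHeader, policy = { publicReads: true }) {
  const needed = READ_METHODS.has(method.toUpperCase()) ? "read" : "write";
  if (!authHeader) {
    // No credentials: allowed only for reads when the policy permits it.
    return needed === "read" && policy.publicReads ? { status: 200, headers: {} } : deny401();
  }
  const token = parseBearer(authHeader);
  if (token === null) return deny401(); // wrong scheme or malformed token
  // Check every key so timing does not depend on which entry matched.
  let match = null;
  for (const entry of KEYS) if (safeEqual(token, entry.key)) match = entry;
  if (match === null) return deny401(); // unknown key, even on a public read
  if (!match.scopes.includes(needed)) {
    return { status: 403, headers: {} }; // valid key, insufficient permission
  }
  return { status: 200, headers: {} };
}
```

A read-only key sent with a write request yields 403 because the caller is identified but not permitted, while a missing, malformed or unknown credential yields 401 with a `WWW-Authenticate: Bearer` challenge.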