Entity Detector

Authentication

Entity Detector uses API tokens for authentication. Every request must include a valid token in the Authorization header.

Getting an API Token

  1. Create an account if you haven't already
  2. Log in to your dashboard
  3. Go to the "API Tokens" section
  4. Click "Create New Token"
  5. Give your token a descriptive name (e.g., "Production Server")
  6. Copy the token immediately - it's only shown once!

Token Security

Your API token is shown only once when created. We store only a hashed version for security. If you lose your token, you'll need to create a new one.

Using Your Token

Include your API token in the Authorization header with the Bearer scheme:

text
Authorization: Bearer ed_live_abc123xyz...

Example Request

bash
curl -X POST https://api.entitydetector.com/v1/analyze \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ed_live_abc123xyz..." \
  -d '{"text": "Your text here..."}'

Token Format

Entity Detector API tokens have the following format:

  • ed_live_ prefix for production tokens
  • Followed by a random alphanumeric string

Example: ed_live_a1b2c3d4e5f6...

Storing Tokens Securely

Never hardcode API tokens in your source code or commit them to version control. Use environment variables instead:

bash
# .env file
ENTITY_DETECTOR_API_KEY=ed_live_abc123xyz...

Then access it in your code:

javascript
// Load from environment variable
const apiKey = process.env.ENTITY_DETECTOR_API_KEY;

const response = await fetch('https://api.entitydetector.com/v1/analyze', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${apiKey}`
  },
  body: JSON.stringify({ text: 'Your text here...' })
});

Token Best Practices

Do

  • • Store tokens in environment variables
  • • Use different tokens for different environments
  • • Rotate tokens periodically
  • • Delete unused tokens
  • • Use descriptive token names

Don't

  • • Commit tokens to git repositories
  • • Share tokens via email or chat
  • • Use production tokens for testing
  • • Expose tokens in client-side code
  • • Log tokens in application logs

Managing Multiple Tokens

You can create multiple API tokens for different purposes:

  • Production - Your main application server
  • Staging - Pre-production testing
  • Development - Local development
  • CI/CD - Automated testing pipelines

This allows you to rotate or revoke tokens independently without affecting other environments.

Token Limits

PlanMax Tokens
Free3
Starter5
Pro10
Business25

Authentication Errors

If authentication fails, you'll receive a 401 Unauthorized response:

json
{
  "error": "Unauthorized",
  "message": "Invalid or missing API token",
  "code": "INVALID_TOKEN"
}

Common causes:

  • Missing Authorization header
  • Incorrect token format (missing "Bearer " prefix)
  • Token has been revoked or deleted
  • Typo in the token

Revoking Tokens

You can revoke tokens at any time from your dashboard. Revoked tokens are immediately invalid and cannot be restored. If you suspect a token has been compromised, revoke it immediately and create a new one.