Authentication

Compresh uses API keys for authentication. Every request must include a valid key in the Authorization header.

API key format

All Compresh API keys follow the format:

comp_xxxxxxxxxxxx

The comp_ prefix identifies the key as a Compresh credential. Keys are 32 characters long including the prefix.

Getting a key

Sign up or log in at your dashboard and navigate to Settings → API Keys. You can create multiple keys for different environments (development, staging, production).

Your API key is shown once at creation. Copy it immediately — it cannot be retrieved later. If you lose it, revoke and create a new one.

Using your key

Include the key in the Authorization header as a Bearer token:

Authorization: Bearer comp_your_key

If you're using an OpenAI-compatible SDK, pass it as the api_key parameter:

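from openai import OpenAI

# Pass the Compresh key as api_key and point the SDK at the Compresh endpoint
client = OpenAI(
    api_key="comp_your_key",
    base_url="https://api.compre.sh/v1"
)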

Provider keys

Compresh forwards your requests to your LLM provider (OpenAI, Anthropic, etc.), which means it needs your provider API key. You configure this in the dashboard under Settings → Provider Keys.

How provider keys are stored

  • Encrypted at rest using Fernet symmetric encryption
  • Key derivation uses SHA-256
  • Never logged, never included in error responses
  • Never stored in plaintext at any point in the pipeline

Tip: You can rotate your provider key in the dashboard at any time. The change takes effect immediately, with no restart or redeployment needed.

Rate limits

API keys are subject to rate limits based on your plan tier. Limits are applied per key, not per account.

Header                | Description
X-RateLimit-Limit     | Maximum requests per minute for your key
X-RateLimit-Remaining | Requests remaining in the current window
X-RateLimit-Reset     | Unix timestamp when the window resets

When you hit the limit, the API returns 429 Too Many Requests. See Rate Limits for full details and per-plan quotas.

Security best practices

  • Store keys in environment variables, never in source code
  • Use separate keys for development and production
  • Rotate keys periodically — revoke old keys in the dashboard
  • Monitor usage in the dashboard to detect anomalies
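
A check that supports the first practice above, as an added example that is not part of the Compresh documentation: a scanner that flags key-shaped strings in source text using the documented format (comp_ prefix, 32 characters in total) and redacts each finding. The key alphabet, the COMPRESH_API_KEY variable name and the sample key are assumptions made for this example.

```python
import re

# Documented format: "comp_" prefix, 32 characters in total, so 27 after the prefix.
# Assumption: the body uses URL-safe characters; the docs do not state the alphabet.
_BODY = r"[A-Za-z0-9_-]"
KEY_RE = re.compile(rf"(?<!{_BODY})comp_{_BODY}{{27}}(?!{_BODY})")


def redact(key):
    """Keep the prefix and the last 4 characters so a finding can be matched to
    a dashboard entry without copying the secret into scan output."""
    return key[:5] + "*" * (len(key) - 9) + key[-4:]


def scan_text(text, path="<input>"):
    """Return one finding per key-shaped token, with the key redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "column": m.start() + 1, "key": redact(m.group())})
    return findings


# Constructed sample input: the key below is made up for this example, and
# COMPRESH_API_KEY is a hypothetical environment variable name.
SAMPLE = '''\
import os
from openai import OpenAI

client = OpenAI(
    api_key="comp_A1b2C3d4E5f6G7h8I9j0K1l2M3n",   # hard-coded: flagged
    base_url="https://api.compre.sh/v1",
)
safe = OpenAI(api_key=os.environ["COMPRESH_API_KEY"])  # env var: not flagged
placeholder = "comp_your_key"                            # too short: not flagged
'''

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "app.py"):
        print(f"{f['path']}:{f['line']}:{f['column']}: possible Compresh key {f['key']}")
```

Run over staged files in a pre-commit hook or CI job, a non-empty result should fail the build and prompt revoking the exposed key in the dashboard.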

Error responses

Authentication failures return standard HTTP error codes:

Status                | Meaning
401 Unauthorized      | Missing or invalid API key
403 Forbidden         | Key is valid but lacks permission for this resource
429 Too Many Requests | Rate limit exceeded