DocsAuthentication
Authentication
The SaSiRa API uses secret API keys to authenticate incoming requests. All requests must be made over HTTPS and include a valid API key in the Authorization header.
Authorization Header
Pass your secret API key in every HTTP request using the standard Bearer scheme in the Authorization header:
// Request Header
Authorization: Bearer sra_live_YOUR_SECRET_KEY
Replace sra_live_YOUR_SECRET_KEY with the actual key generated from your dashboard.
Example — cURL RequestPOST
curl -X POST \
"https://api.sasira.id/v1/ocr/ktp" \
-H "Authorization: Bearer sra_live_8392kasd812j31has0a" \
-H "Content-Type: multipart/form-data" \
-F "image=@/path/to/ktp.jpg"
Security Best Practices
Never expose your API keys in client-side JavaScript, GitHub repos, or public places.
Always make API calls from secure server-side environments.
Rotate your keys periodically and immediately if compromised.
Use environment variables (e.g. .env files) to store keys securely.
Key Types
Live
sra_live_...Used in production environments. Consumes from your monthly quota.
Test
sra_test_...Used in development and testing. Returns mock data without consuming quota.
Error Responses
401Unauthorized
// HTTP/1.1 401 Unauthorized
{
"success": false,
"error": "Invalid API key provided."
}429Rate Limit Exceeded
// HTTP/1.1 429 Too Many Requests
{
"success": false,
"error": "Rate limit exceeded. Upgrade your plan."
}Manage API Keys
Generate, rotate, and revoke your credentials