DocsAuthentication

Authentication

The SaSiRa API uses secret API keys to authenticate incoming requests. All requests must be made over HTTPS and include a valid API key in the Authorization header.

Authorization Header

Pass your secret API key in every HTTP request using the standard Bearer scheme in the Authorization header:

// Request Header
Authorization: Bearer sra_live_YOUR_SECRET_KEY

Replace sra_live_YOUR_SECRET_KEY with the actual key generated from your dashboard.

Example — cURL RequestPOST
curl -X POST \
"https://api.sasira.id/v1/ocr/ktp" \
-H "Authorization: Bearer sra_live_8392kasd812j31has0a" \
-H "Content-Type: multipart/form-data" \
-F "image=@/path/to/ktp.jpg"

Security Best Practices

Never expose your API keys in client-side JavaScript, GitHub repos, or public places.
Always make API calls from secure server-side environments.
Rotate your keys periodically and immediately if compromised.
Use environment variables (e.g. .env files) to store keys securely.

Key Types

Livesra_live_...

Used in production environments. Consumes from your monthly quota.

Testsra_test_...

Used in development and testing. Returns mock data without consuming quota.

Error Responses

401Unauthorized
// HTTP/1.1 401 Unauthorized
{ "success": false, "error": "Invalid API key provided." }
429Rate Limit Exceeded
// HTTP/1.1 429 Too Many Requests
{ "success": false, "error": "Rate limit exceeded. Upgrade your plan." }

Manage API Keys

Generate, rotate, and revoke your credentials