For Developers
Authentication
OpenBio uses API key authentication via Bearer tokens. Keys are passed in the Authorization header for REST calls and provided at client initialization for the SDK.
API key pattern
Include your API key as a Bearer token in every request. Store it in an environment variable — never hardcode it in source files.
```bash
# Set your API key
export OPENBIO_API_KEY=obio_live_your_key_here
# Use it in curl requests
curl -H "Authorization: Bearer $OPENBIO_API_KEY" \
  https://api.openbio.dev/v1/subjects
```
SDK initialization
Pass the API key at client creation. The SDK reads OPENBIO_API_KEY from the environment automatically if no key is provided.
```javascript
import { OpenBio } from '@openbio/sdk';

// Explicit key
const client = new OpenBio({ apiKey: process.env.OPENBIO_API_KEY });

// Or let the SDK read OPENBIO_API_KEY from the environment automatically
const clientAuto = new OpenBio();

// For server-side Next.js (Server Components, Server Actions, Route Handlers):
// The key is never exposed to the browser — only used on the server.
```
Key scopes
Production API keys support fine-grained scopes. At launch, OpenBio will support OAuth 2.0 and short-lived tokens for more granular access control.
| Scope | Access |
|---|---|
| evidence:read | Read subjects and evidence assertions |
| evidence:write | Ingest data and create assertions |
| cohorts:read | Run cross-subject cohort queries |
| agents:read | Retrieve structured agent context |
Demo environment
For this demo, authentication is disabled. The API Playground and all SDK examples run against synthetic data with no real key required. You can use any value for OPENBIO_API_KEY when testing locally.
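The guidance above (keep the key in an environment variable, never in source files, and only on the server) can be enforced with a repository check. The scanner below is an added example, not part of the OpenBio SDK or docs; the key character set and minimum length, the function names, and the sample files are assumptions (only the `obio_live_` prefix appears on this page).

```javascript
// Added example: flag hardcoded OpenBio keys and browser-exposed env var names.
// Assumption: a real key is "obio_live_" followed by 12+ chars of [A-Za-z0-9_].
const KEY_LITERAL = /\bobio_live_[A-Za-z0-9_]{12,}\b/g;
// Next.js inlines NEXT_PUBLIC_* variables into the client bundle, so a key
// stored under such a name would reach the browser.
const PUBLIC_ENV = /\bNEXT_PUBLIC_[A-Z0-9_]*OPENBIO[A-Z0-9_]*\b/g;
const PLACEHOLDER = 'obio_live_your_key_here'; // placeholder used in the docs

// Show only the prefix and last 4 characters so the report never leaks a key.
function redact(key) {
  return `obio_live_...${key.slice(-4)}`;
}

// files: { [path]: sourceText }. Returns [{ file, line, rule, match }].
function scanForKeyLeaks(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((content, i) => {
      for (const m of content.matchAll(KEY_LITERAL)) {
        if (m[0] === PLACEHOLDER) continue; // documentation placeholder, not a secret
        findings.push({ file, line: i + 1, rule: 'hardcoded-key', match: redact(m[0]) });
      }
      for (const m of content.matchAll(PUBLIC_ENV)) {
        findings.push({ file, line: i + 1, rule: 'browser-exposed-env', match: m[0] });
      }
    });
  }
  return findings;
}

// Constructed sample input; the key below is made up for this example.
const SAMPLE_FILES = {
  'lib/openbio.js': [
    "import { OpenBio } from '@openbio/sdk';",
    "const client = new OpenBio({ apiKey: 'obio_live_Zk3mP9xQ2vL8nR5tWc7a' });",
  ].join('\n'),
  'lib/server.js': 'const client = new OpenBio({ apiKey: process.env.OPENBIO_API_KEY });',
  '.env.example': 'OPENBIO_API_KEY=obio_live_your_key_here',
  '.env.local': 'NEXT_PUBLIC_OPENBIO_API_KEY=anything',
};

console.log(scanForKeyLeaks(SAMPLE_FILES));
```

Run it over staged files in a pre-commit hook or CI job and fail the build when the returned list is non-empty.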