Authentication¶
All Public API requests require an API key passed in the X-API-Key header.
Creating an API Key¶
- Open the CloMan dashboard.
- Navigate to your clone's settings.
- Go to API Keys.
- Click Create API Key.
- Give it a name and optionally set an expiration date.
- Copy the key — it's shown only once.
API keys start with cloman_ and look like:
Store keys securely
Never commit API keys to version control. Use environment variables or a secrets manager.
Using the Key¶
Include the key in every request as the X-API-Key header:
curl -X POST https://api.cloman.app/api/v1/public/decide \
-H "X-API-Key: cloman_sk_abc123..." \
-H "Content-Type: application/json" \
-d '{"context": "Should we approve?"}'
Key Properties¶
| Property | Description |
|---|---|
| Name | Human-readable label for the key |
| Scopes | Permissions granted (currently: decide) |
| Expires At | Optional expiration date (1–365 days) |
| Last Used | Timestamp of the most recent request |
| Total Requests | Lifetime request count |
Key Limits¶
- Each clone can have up to 5 API keys.
- Keys can be revoked at any time from the dashboard.
- Revoking a key takes effect immediately — all in-flight requests will fail.
Security Best Practices¶
- Rotate keys regularly — create a new key before revoking the old one.
- Use environment variables —
CLOMAN_API_KEYis the conventional name. - Set expiration dates for keys used in temporary or testing environments.
- Monitor usage — check the dashboard for unexpected spikes in requests.