Authentication
Understanding authentication and security in the Plexe Platform.
Authentication Overview
The Plexe Platform uses a robust authentication system to secure access to your resources and services. This page explains how authentication works, how to manage API keys, and best practices for security.
Authentication Methods
API Keys
For programmatic access to the Plexe API, API keys are the primary authentication method. API keys:
- Are long, random strings prefixed with `plx_sk_`
- Must be included in the `x-api-key` header of all API requests
- Have specific permission levels assigned when created
- Can be revoked or rotated at any time
- Are tied to your account for usage tracking and billing
Example API request with authentication:
Console Authentication
For access to the Plexe Console, the following authentication methods are supported:
- Email/Password: Standard account credentials
- OAuth Providers: Sign in with Google, GitHub, etc. (if enabled)
The Console uses secure, token-based authentication with automatic session expiration for security.
Managing API Keys
Creating API Keys
API keys can be created in two ways:
- Via the Console:
  - Navigate to the Settings → API Keys section
  - Click “Create New API Key”
  - Assign a descriptive name and required permissions
  - Copy the key immediately (it will only be shown once)
- Via the API:
  - You can programmatically create API keys using an existing key with appropriate permissions
  - See the Manage API Keys guide for details
API Key Permissions
When creating an API key, you can assign specific permission levels:
- Read-only: Can only make GET requests to fetch information
- Read & Write: Can both read data and create or modify resources
API Key Best Practices
- Limit Access: Create keys with the minimum permissions needed
- Use Descriptive Names: Help identify the purpose of each key
- Secure Storage: Store keys securely; never in public repositories or client-side code
- Regular Rotation: Change keys periodically, especially for production systems
- Immediate Revocation: If a key is compromised, revoke it immediately
Security Features
TLS Encryption
All communication with the Plexe Platform (both API and Console) is encrypted using TLS (HTTPS). This ensures that your data and authentication credentials are protected in transit.
Key Visibility
For security, full API keys are only displayed once at creation time. After that, the Console will only show a truncated version (first few and last few characters).
Access Logs
The Platform maintains comprehensive logs of authentication attempts and API key usage. These can be viewed in the Console for security monitoring and auditing.
Rate Limiting
To protect against brute force and denial of service attacks, the API implements rate limiting. If you exceed the allowed request rate, you’ll receive a `429 Too Many Requests` status code.
Session Management
For Console users, sessions automatically expire after periods of inactivity. Sensitive actions may require re-authentication for additional security.
Multi-factor Authentication (MFA)
Multi-factor Authentication will be available in a future platform release. The following methods are planned for implementation:
- Time-based One-Time Passwords (TOTP): Using authentication apps like Google Authenticator or Authy
- Email Verification: Receiving codes via email
Authentication Errors
Common authentication-related errors you may encounter:
HTTP Status | Error Code | Description |
---|---|---|
401 | invalid_key | API key is invalid or malformed |
401 | expired_key | API key has expired |
401 | revoked_key | API key has been revoked |
403 | insufficient_permissions | API key lacks required permissions for this operation |
429 | rate_limit_exceeded | Too many requests in a given time period |
Example Authentication Workflows
API Key Authentication in Python
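The following is an added example, not Plexe's own sample code: a small client helper that loads the key from the environment, attaches it in the `x-api-key` header, redacts it for logs, and maps the error codes from the table above to a client action. The base URL, the `PLEXE_API_KEY` variable name, the action names and the backoff parameters are assumptions, since the page does not specify them.

```python
import os
import urllib.request

API_BASE = "https://api.example.invalid"  # placeholder: the page gives no base URL
KEY_PREFIX = "plx_sk_"                    # key prefix stated on the page
ENV_VAR = "PLEXE_API_KEY"                 # assumed environment variable name

# (HTTP status, error code) pairs from the page's error table -> client action.
ACTIONS = {
    (401, "invalid_key"): "fix_configured_key",
    (401, "expired_key"): "rotate_key",
    (401, "revoked_key"): "rotate_key",
    (403, "insufficient_permissions"): "use_key_with_more_permissions",
    (429, "rate_limit_exceeded"): "retry_with_backoff",
}

def load_key(env=os.environ):
    """Read the key from the environment instead of source code."""
    key = env.get(ENV_VAR, "").strip()
    if not key.startswith(KEY_PREFIX) or len(key) == len(KEY_PREFIX):
        raise ValueError(f"{ENV_VAR} is unset or lacks the {KEY_PREFIX} prefix")
    return key

def redact(key, keep=4):
    """Truncated form for logs: prefix, then first and last few characters."""
    secret = key[len(KEY_PREFIX):]
    if len(secret) <= 2 * keep:
        return KEY_PREFIX + "..."
    return f"{KEY_PREFIX}{secret[:keep]}...{secret[-keep:]}"

def build_request(path, key, method="GET"):
    """Attach the key in the x-api-key header, over HTTPS only."""
    url = API_BASE + path
    if not url.startswith("https://"):
        raise ValueError("refusing to send an API key over a non-TLS URL")
    req = urllib.request.Request(url, method=method)
    req.add_header("x-api-key", key)
    return req

def next_action(status, error_code=None):
    """Decide what the caller should do with a response."""
    if 200 <= status < 300:
        return "ok"
    return ACTIONS.get((status, error_code), "fail")

def backoff_delay(attempt, base=1.0, cap=60.0):
    """Seconds to wait before retry number `attempt` (0-based) after a 429."""
    return min(cap, base * 2 ** attempt)
```

Only `retry_with_backoff` is worth retrying automatically; the 401 and 403 outcomes need a different key or different permissions, so retrying them only adds failed attempts to the access logs.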
API Key Rotation Best Practice
Enterprise Authentication Features
Enterprise SSO integration is on our roadmap. Please contact Plexe’s support team if you need specific authentication solutions for your organization.
Further Reading
- Manage API Keys - Step-by-step guide for API key management
- Manage Account - How to manage your account settings
- Billing Explanation - Understand how authentication relates to billing