# API Keys

SolonGate uses API keys for authentication. Each project gets both live and test keys.

Livesg_live_xxx

Production keys. Connects to api.solongate.com for policy sync, audit logging, and dashboard integration.

Testsg_test_xxx

Development keys. Works offline — no API connection needed. Uses local policy presets only.

How to Get Your API Keys

Create an account

Go to auth.solongate.com and sign up with email, GitHub, or Google.

Create a project

In the dashboard, go to Projects → Create Project. Enter a name and description.

Copy your keys

After creation, both sg_live_ and sg_test_ keys are shown once. Copy and save them immediately.

Setting Up Your API Key

The recommended way is to put your key in a .env file in your project root:

bash

1# .env
2# Get your keys from: https://solongate.com → Dashboard → Projects
3# IMPORTANT: Never commit this file to git!
4
5# Live key — connects to dashboard for policy sync + audit logging
6SOLONGATE_API_KEY=sg_live_your_key_here
7
8# Test key — offline mode, no dashboard connection (for development)
9# SOLONGATE_API_KEY=sg_test_your_key_here

Security Rules

Never commit .env to git — add it to .gitignore
Never hardcode keys in source code — always use environment variables
If a key is leaked, go to Dashboard → API Keys → Roll (rotate) immediately
Use sg_test_ keys for development — they work offline without API validation

If you use npx @solongate/proxy@latest init, a .env file is created automatically with placeholder keys.

Authentication Methods

bash

1curl -X POST https://api.solongate.com/api/v1/validate \
2  -H "X-API-Key: sg_live_xxxxxxxxxxxxxxxxxxxx" \
3  -H "Content-Type: application/json" \
4  -d '{"tool": "file_read", "arguments": {"path": "/data/file.txt"}}'

Using API Keys in Code

typescript

1import { SolonGateAPI } from '@solongate/sdk';
2
3// From environment variable (recommended)
4const api = new SolonGateAPI({
5  apiKey: process.env.SOLONGATE_API_KEY!,
6});
7
8// Or pass directly (NOT recommended — never hardcode in production)
9const api = new SolonGateAPI({
10  apiKey: 'sg_live_xxxxxxxxxxxxxxxxxxxx',
11});

Live vs Test Keys

Feature	`sg_live_`	`sg_test_`
Policy evaluation	From dashboard (cloud)	Local preset only
Audit logging	Sent to dashboard	Local only
Input guard	Active	Active
Rate limiting	Active	Active
Online validation	Required (checks api.solongate.com)	Not needed (works offline)
Use case	Production, staging	Development, CI/CD, unit tests

Secure Defaults Validation

# API Keys

SolonGate uses API keys for authentication. Each project gets both live and test keys.

Livesg_live_xxx

Production keys. Connects to api.solongate.com for policy sync, audit logging, and dashboard integration.

Testsg_test_xxx

Development keys. Works offline — no API connection needed. Uses local policy presets only.

How to Get Your API Keys

Create an account

Go to auth.solongate.com and sign up with email, GitHub, or Google.

Create a project

In the dashboard, go to Projects → Create Project. Enter a name and description.

Copy your keys

After creation, both sg_live_ and sg_test_ keys are shown once. Copy and save them immediately.

Setting Up Your API Key

The recommended way is to put your key in a .env file in your project root:

bash

1# .env
2# Get your keys from: https://solongate.com → Dashboard → Projects
3# IMPORTANT: Never commit this file to git!
4
5# Live key — connects to dashboard for policy sync + audit logging
6SOLONGATE_API_KEY=sg_live_your_key_here
7
8# Test key — offline mode, no dashboard connection (for development)
9# SOLONGATE_API_KEY=sg_test_your_key_here

Security Rules

Never commit .env to git — add it to .gitignore
Never hardcode keys in source code — always use environment variables
If a key is leaked, go to Dashboard → API Keys → Roll (rotate) immediately
Use sg_test_ keys for development — they work offline without API validation

If you use npx @solongate/proxy@latest init, a .env file is created automatically with placeholder keys.

Authentication Methods

bash

1curl -X POST https://api.solongate.com/api/v1/validate \
2  -H "X-API-Key: sg_live_xxxxxxxxxxxxxxxxxxxx" \
3  -H "Content-Type: application/json" \
4  -d '{"tool": "file_read", "arguments": {"path": "/data/file.txt"}}'

Using API Keys in Code

typescript

1import { SolonGateAPI } from '@solongate/sdk';
2
3// From environment variable (recommended)
4const api = new SolonGateAPI({
5  apiKey: process.env.SOLONGATE_API_KEY!,
6});
7
8// Or pass directly (NOT recommended — never hardcode in production)
9const api = new SolonGateAPI({
10  apiKey: 'sg_live_xxxxxxxxxxxxxxxxxxxx',
11});

Live vs Test Keys

Feature	`sg_live_`	`sg_test_`
Policy evaluation	From dashboard (cloud)	Local preset only
Audit logging	Sent to dashboard	Local only
Input guard	Active	Active
Rate limiting	Active	Active
Online validation	Required (checks api.solongate.com)	Not needed (works offline)
Use case	Production, staging	Development, CI/CD, unit tests

Secure Defaults Validation