Skip to main content

Authentication

Overview

Status: No authentication required by defaultAll endpoints are publicly accessible. Consider implementing authentication for production use based on blueoyester’s auth requirements.

User Identification

While authentication is not required, user identification is handled via the resourceId parameter:
  • Purpose: Associates conversations with specific users for persistence
  • Format: String identifier (e.g., “user123”, “anonymous”)
  • Scope: Conversation threads and memory management

Security Considerations

For production deployments, consider implementing:
  • API Key Authentication: Bearer token in Authorization header
  • OAuth 2.0: Third-party authentication integration
  • JWT Tokens: Stateless authentication with claims
  • Rate Limiting: Per-user request limits

Request Headers

// Optional authentication headers for future implementation
{
  "Authorization": "Bearer your-api-key",
  "X-API-Key": "your-api-key"
}

User Context

User identification in API requests: 
{
  "resourceId": "user-123",  // User identifier
  "runtimeContext": {
    "metadata": {
      "userId": "user-123"  // Alternative user specification
    }
  }
}