All requests to the Declaw API must include an API key in the X-API-Key header.
Requests without a valid key return 401 Unauthorized:
{
"message": "unauthorized: missing or invalid API key"
}
Getting a key
Sign up at declaw.ai to obtain an API key for Declaw Cloud. Keys are validated against the key database on every request and are associated with a tier that determines your rate limits, resource caps, and deposit bounds.
See Plans & Limits for the full tier comparison — concurrent sandboxes, requests per second, max vCPUs / memory / disk, and session duration caps.
For enterprise on-prem deployments, your provisioned key is issued by the Declaw team during setup. Contact sales@declaw.ai for on-prem inquiries.
Using the API Key in SDKs
from declaw import Sandbox
sbx = Sandbox.create(
api_key="YOUR_API_KEY",
domain="api.declaw.ai",
)
import { Sandbox } from "@declaw/sdk";
const sbx = await Sandbox.create({
apiKey: "YOUR_API_KEY",
domain: "api.declaw.ai",
});
Environment Variables
Both SDKs read the API key from the DECLAW_API_KEY environment variable
when api_key / apiKey is not passed explicitly:
export DECLAW_API_KEY=YOUR_API_KEY
export DECLAW_DOMAIN=api.declaw.ai
Never hard-code API keys in source code or commit them to version control. Use
environment variables or a secrets manager instead.
