Mixpeek secures APIs with bearer auth, isolates data by namespace and organization, and enforces per‑route permissions and rate limits. This page outlines headers, scopes, tenancy, and operational protections.
Authentication & headers
Bearer auth
Authorization: Bearer <api_key>
Namespace
X-Namespace: <namespace_id_or_name>
Authorization & permissions
- API keys map to an organization and carry scoped permissions
- Routes declare required permissions; enforced via access policies
- Free‑tier credits and per‑route rate limits to protect backends
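The request path described above (bearer key, namespace header, per-route permission, then a tenant filter keyed on the organization's internal_id) can be sketched as follows. This is an added example, not Mixpeek's code: the key store, route table, permission names, status codes and the rule that X-Namespace is required are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    internal_id: str        # organization id used for tenant filters
    permissions: frozenset  # scopes carried by the API key

def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data: keys are stored as SHA-256 digests, not plaintext.
API_KEYS = {
    _digest("sk_example_reader"): Principal("org_a", frozenset({"read"})),
    _digest("sk_example_writer"): Principal("org_b", frozenset({"read", "write"})),
}
# Hypothetical route table: each route declares the permission it requires.
ROUTE_PERMISSIONS = {("GET", "/documents"): "read", ("POST", "/documents"): "write"}

class AuthError(Exception):
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status

def authorize(method: str, path: str, headers: dict) -> dict:
    """Return the tenant filter for a request, or raise AuthError."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise AuthError(401, "missing or malformed bearer token")
    presented = _digest(token.strip())
    principal = None
    for stored, candidate in API_KEYS.items():
        if hmac.compare_digest(stored, presented):  # constant-time comparison
            principal = candidate
    if principal is None:
        raise AuthError(401, "unknown API key")
    namespace = h.get("x-namespace", "").strip()
    if not namespace:
        raise AuthError(400, "X-Namespace header is required")
    required = ROUTE_PERMISSIONS.get((method, path))
    if required is None or required not in principal.permissions:
        raise AuthError(403, "key lacks the permission for this route")  # deny by default
    # The organization comes from the key, never from client input, so a
    # namespace that belongs to another organization matches no rows.
    return {"internal_id": principal.internal_id, "namespace": namespace}
```

Every datastore query for the request would then be constrained by the returned filter, so isolation does not depend on the caller supplying an honest namespace.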
Tenancy and data isolation
API keys, users, and base limits; internal_id used for tenant filters
Rate limiting & abuse protection
- Per‑route limits: Redis‑backed counters with SlowAPI middleware in non‑local environments
- Backpressure: Engine and datastore errors bubble up; APIs degrade gracefully
- Payload validation: Pydantic 2.0 schemas across routes prevent malformed requests
- CORS & headers: Strict CORS and security headers on the API
Secrets & configuration
- Store API keys and datastore credentials in your secret manager
- Rotate keys periodically; audit access logs
- Scope S3 buckets per org/namespace where applicable
References
- Organizations: /api-reference/organizations/get-organization
- Namespaces: /api-reference/namespaces/create-namespace
- Health: /api-reference/health/healthcheck