Mixpeek secures APIs with bearer auth, isolates data by namespace and organization, and enforces per‑route permissions and rate limits. This page outlines headers, scopes, tenancy, and operational protections.

Authentication & headers

Bearer auth

Authorization: Bearer <api_key>

Namespace

X-Namespace: <namespace_id_or_name>

Authorization & permissions

  • API keys map to an organization and carry scoped permissions
  • Routes declare required permissions; enforced via access policies
  • Free‑tier credits and per‑route rate limits protect backends

Tenancy and data isolation

API keys, users, and base limits; internal_id used for tenant filters

Rate limiting & abuse protection

Per‑route limits

Redis‑backed counters with SlowAPI middleware in non‑local envs

Backpressure

Engine and datastore errors bubble up; APIs degrade gracefully

Payload validation

Pydantic 2.0 schemas across routes prevent malformed requests

CORS & headers

Strict CORS and security headers on API
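
A minimal model of the request checks described in the sections above, added here as an illustration and not Mixpeek's own code: bearer key lookup, route permission check, per‑route counter, and tenant filter on internal_id. The key values, scope names, routes, limits, the 400 response for a missing X-Namespace, and the in‑memory counter standing in for Redis are all assumptions.

```python
import hmac
import time
from collections import defaultdict

# Constructed sample data; every key, scope and route name here is hypothetical.
API_KEYS = {
    "sk_test_alpha": {"internal_id": "org_a", "scopes": {"documents:read"}},
    "sk_test_beta": {"internal_id": "org_b", "scopes": {"documents:read", "documents:write"}},
}
# Constructed datastore rows, each tagged with its owning tenant and namespace.
ROWS = [
    {"internal_id": "org_a", "namespace": "ns_prod", "doc": "a1"},
    {"internal_id": "org_b", "namespace": "ns_prod", "doc": "b1"},
]
ROUTES = {
    "GET /documents": {"permission": "documents:read", "limit": 2, "window": 60},
    "POST /documents": {"permission": "documents:write", "limit": 2, "window": 60},
}
_counters = defaultdict(int)  # in-memory stand-in for Redis-backed counters


def lookup_key(token):
    # Constant-time comparison so key validity does not leak through timing.
    for known, record in API_KEYS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return record
    return None


def handle(route, headers, now=None):
    """Return (status, body), applying authn, authz, rate limit, tenant filter."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    org = lookup_key(token) if scheme == "Bearer" and token else None
    if org is None:
        return 401, "invalid or missing bearer token"
    namespace = headers.get("X-Namespace")
    if not namespace:
        return 400, "X-Namespace header required"  # assumed behaviour
    policy = ROUTES[route]
    if policy["permission"] not in org["scopes"]:
        return 403, "missing permission " + policy["permission"]
    # Fixed-window counter keyed by tenant, route and window number.
    bucket = (org["internal_id"], route, int(now // policy["window"]))
    _counters[bucket] += 1
    if _counters[bucket] > policy["limit"]:
        return 429, "rate limit exceeded"
    # Tenant filter: the organization comes from the key, never from client input.
    return 200, [r["doc"] for r in ROWS
                 if r["internal_id"] == org["internal_id"] and r["namespace"] == namespace]
```

Rejected requests (401, 400, 403) return before the counter is touched, so unauthenticated traffic cannot consume a tenant's quota in this model.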

Secrets & configuration

  • Store API keys and datastore credentials in your secret manager
  • Rotate keys periodically; audit access logs
  • Scope S3 buckets per org/namespace where applicable
