How Authentication Works The Tented Vibe Coding API uses bearer API keys. Each key belongs to exactly one Tented workspace, and every request runs in that workspace’s context.
Send your key in the Authorization header:
Authorization: Bearer tented_your_api_key
If the key is valid, Tented resolves the associated workspace internally and authorizes the request for that workspace only.
Creating an API Key Vibe Coding API keys are created inside Tented by a workspace admin.
Ask an admin to create an API key for your workspace.
Copy the raw key when it is shown.
Store it in your secrets manager or environment variables.
Tented only returns the raw API key once at creation time. After that, only key metadata remains visible in the app.
Request Example curl --request GET \ --url https://api.tented.ai/v1/tents/00000000-0000-4000-8000-000000000000 \ --header "Authorization: Bearer $TENTED_API_KEY "
Common Authentication Failures Status Cause 401 UnauthorizedMissing Authorization header 401 UnauthorizedHeader is not in Bearer <token> format 401 UnauthorizedAPI key is unknown, revoked, or expired
Security Notes
Treat the key like a password.
Never expose it in browser-side code.
Rotate or revoke it if you suspect leakage.
Use separate keys for separate systems when you want cleaner auditability.
Workspace Scope An API key cannot cross workspace boundaries. For example:
A tent created with Workspace A’s key cannot be fetched with Workspace B’s key.
An asset uploaded with one workspace’s key cannot be attached from another workspace.
Header Required Notes AuthorizationYes Bearer <api-key>Content-TypeYes for JSON requests Use application/json for POST /v1/tents Content-TypeYes for asset uploads Use multipart/form-data for POST /v1/tents/{tentId}/assets
Next: Upload Assets Learn how to attach files to a new or existing tent before generation.
