Skip to main content

Authentication

The GYBC platform supports two authentication methods.

JWT Authentication (Dashboard)

For dashboard users authenticated via Firebase Identity Platform. Pass the Firebase ID token as a Bearer token.

curl -X POST https://api.yocaso.dev/llm.v1.services.gateway.v1.LLMGatewayService/ListThreads \
  -H "Authorization: Bearer <jwt-token>" \
  -H "Content-Type: application/json" \
  -d '{}'

API Key Authentication (Backend-to-Backend)

For programmatic access from customer backends. API keys use the prefix convention sk_live_* (production) and sk_test_* (test environment).

curl -X POST https://api.yocaso.dev/llm.v1.services.gateway.v1.LLMGatewayService/ListThreads \
  -H "X-API-Key: sk_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{}'

User Impersonation

API keys with the users:impersonate scope can act on behalf of specific users by setting the X-On-Behalf-Of header:

curl -X POST https://api.yocaso.dev/llm.v1.services.gateway.v1.LLMGatewayService/SendMessage \
  -H "X-API-Key: sk_live_your_key_here" \
  -H "X-On-Behalf-Of: user_123" \
  -H "Content-Type: application/json" \
  -d '{"conversation_key": "conv_abc", "user_message": {"role": "user", "content": "Hello"}}'

Request Format

All API endpoints use Restate's HTTP invocation pattern:

POST /<package.ServiceName>/<Method>
Content-Type: application/json

Request and response bodies use protojson encoding (JSON representation of Protocol Buffer messages).

Code Examples

Python

import requests

BASE_URL = "https://api.yocaso.dev"
API_KEY = "sk_live_your_key_here"

headers = {
    "X-API-Key": API_KEY,
    "Content-Type": "application/json",
}

response = requests.post(
    f"{BASE_URL}/llm.v1.services.gateway.v1.LLMGatewayService/ListThreads",
    headers=headers,
    json={},
)
print(response.json())

Go

package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    url := "https://api.yocaso.dev/llm.v1.services.gateway.v1.LLMGatewayService/ListThreads"
    body, _ := json.Marshal(map[string]any{})

    req, _ := http.NewRequest("POST", url, bytes.NewReader(body))
    req.Header.Set("X-API-Key", "sk_live_your_key_here")
    req.Header.Set("Content-Type", "application/json")

    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    fmt.Println("Status:", resp.Status)
}

Node.js

const response = await fetch(
  "https://api.yocaso.dev/llm.v1.services.gateway.v1.LLMGatewayService/ListThreads",
  {
    method: "POST",
    headers: {
      "X-API-Key": "sk_live_your_key_here",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({}),
  }
);
const data = await response.json();
console.log(data);